{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","type":"deb","namespace":"debian","name":"krb5","version":"1.6.dfsg.4~beta1-5lenny7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.20.1-2+deb12u4","latest_non_vulnerable_version":"1.20.1-2+deb12u4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74980?format=json","vulnerability_id":"VCID-11jm-yxbs-1kfj","summary":"The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1527.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1527.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1527","reference_id":"","reference_type":"","scores":[{"value":"0.02618","scoring_system":"epss","scoring_elements":"0.85938","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02618","scoring_system":"epss","scoring_elements":"0.8596","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02618","scoring_system":"epss","scoring_elements":"0.85964","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1527"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1527"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367","reference_id":"646367","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711","reference_id":"737711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1379","reference_id":"RHSA-2011:1379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1379"},{"reference_url":"https://usn.ubuntu.com/1233-1/","reference_id":"USN-1233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-1527"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11jm-yxbs-1kfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75006?format=json","vulnerability_id":"VCID-1nn6-mr7d-wyhk","summary":"The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9422.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9422","reference_id":"","reference_type":"","scores":[{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74304","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74337","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74342","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179861","reference_id":"1179861","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0794","reference_id":"RHSA-2015:0794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0794"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-9422"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nn6-mr7d-wyhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74962?format=json","vulnerability_id":"VCID-1sps-s2a3-wbad","summary":"The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3295.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3295.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3295","reference_id":"","reference_type":"","scores":[{"value":"0.02737","scoring_system":"epss","scoring_elements":"0.86248","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02737","scoring_system":"epss","scoring_elements":"0.8627","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02737","scoring_system":"epss","scoring_elements":"0.86272","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3295"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=545002","reference_id":"545002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=545002"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://usn.ubuntu.com/879-1/","reference_id":"USN-879-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/879-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2009-3295"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sps-s2a3-wbad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74959?format=json","vulnerability_id":"VCID-1u82-w13p-cfbk","summary":"The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0845.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0845.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0845","reference_id":"","reference_type":"","scores":[{"value":"0.19309","scoring_system":"epss","scoring_elements":"0.95488","published_at":"2026-06-04T12:55:00Z"},{"value":"0.19309","scoring_system":"epss","scoring_elements":"0.95496","published_at":"2026-06-05T12:55:00Z"},{"value":"0.19309","scoring_system":"epss","scoring_elements":"0.95499","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=490634","reference_id":"490634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=490634"},{"reference_url":"https://security.gentoo.org/glsa/200904-09","reference_id":"GLSA-200904-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0408","reference_id":"RHSA-2009:0408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0408"},{"reference_url":"https://usn.ubuntu.com/755-1/","reference_id":"USN-755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/755-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2009-0845"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1u82-w13p-cfbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74997?format=json","vulnerability_id":"VCID-2674-wgen-1qbk","summary":"Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4343.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4343.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4343","reference_id":"","reference_type":"","scores":[{"value":"0.07384","scoring_system":"epss","scoring_elements":"0.91864","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07384","scoring_system":"epss","scoring_elements":"0.91876","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07384","scoring_system":"epss","scoring_elements":"0.91877","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1121876","reference_id":"1121876","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1121876"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755520","reference_id":"755520","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755520"},{"reference_url":"https://security.gentoo.org/glsa/201412-53","reference_id":"GLSA-201412-53","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-4343"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2674-wgen-1qbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75015?format=json","vulnerability_id":"VCID-2tn3-dfqx-5yc9","summary":"Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8631.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8631.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8631","reference_id":"","reference_type":"","scores":[{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.86006","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.86009","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302642","reference_id":"1302642","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302642"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126","reference_id":"813126","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0493","reference_id":"RHSA-2016:0493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0532","reference_id":"RHSA-2016:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6251?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-8631"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2tn3-dfqx-5yc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61752?format=json","vulnerability_id":"VCID-3d22-kr2u-tuck","summary":"krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40355.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40355.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40355","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28666","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28707","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317","reference_id":"1135317","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463370","reference_id":"2463370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463370"},{"reference_url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f","reference_id":"2e75f0d9362fb979f5fc92829431a590a130929f","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/"}],"url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"},{"reference_url":"https://web.mit.edu/kerberos/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/"}],"url":"https://web.mit.edu/kerberos/advisories/"},{"reference_url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html","reference_id":"krb5-two-unauthenticated-network-vulnerabilities.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/"}],"url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12220","reference_id":"RHSA-2026:12220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16799","reference_id":"RHSA-2026:16799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19145","reference_id":"RHSA-2026:19145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19357","reference_id":"RHSA-2026:19357","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19357"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22634","reference_id":"RHSA-2026:22634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22634"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/773967?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4"}],"aliases":["CVE-2026-40355"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3d22-kr2u-tuck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75003?format=json","vulnerability_id":"VCID-3df1-58jr-e7gv","summary":"plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5354.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5354","reference_id":"","reference_type":"","scores":[{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67978","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.68017","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.68025","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5354"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174546","reference_id":"1174546","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174546"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773228","reference_id":"773228","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773228"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-5354"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3df1-58jr-e7gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74983?format=json","vulnerability_id":"VCID-3jcm-y59r-47a5","summary":"The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1530.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1530","reference_id":"","reference_type":"","scores":[{"value":"0.00934","scoring_system":"epss","scoring_elements":"0.76529","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00934","scoring_system":"epss","scoring_elements":"0.76559","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00934","scoring_system":"epss","scoring_elements":"0.76564","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=753748","reference_id":"753748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=753748"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1790","reference_id":"RHSA-2011:1790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1790"},{"reference_url":"https://usn.ubuntu.com/1290-1/","reference_id":"USN-1290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-1530"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3jcm-y59r-47a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75022?format=json","vulnerability_id":"VCID-3tas-mucv-aufk","summary":"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5710.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5710","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60026","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60073","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60076","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5710"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1535575","reference_id":"1535575","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1535575"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889685","reference_id":"889685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2018-5710"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3tas-mucv-aufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75002?format=json","vulnerability_id":"VCID-42rr-7ajf-eqg7","summary":"The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5353.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5353.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5353","reference_id":"","reference_type":"","scores":[{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68272","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68313","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68321","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174543","reference_id":"1174543","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174543"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226","reference_id":"773226","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0794","reference_id":"RHSA-2015:0794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0794"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-5353"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42rr-7ajf-eqg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75020?format=json","vulnerability_id":"VCID-4mm3-t6eu-4qde","summary":"A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20217.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20217","reference_id":"","reference_type":"","scores":[{"value":"0.02665","scoring_system":"epss","scoring_elements":"0.86077","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02665","scoring_system":"epss","scoring_elements":"0.86098","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02665","scoring_system":"epss","scoring_elements":"0.86102","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665296","reference_id":"1665296","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665296"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917387","reference_id":"917387","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917387"},{"reference_url":"https://usn.ubuntu.com/5828-1/","reference_id":"USN-5828-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5828-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2018-20217"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mm3-t6eu-4qde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72438?format=json","vulnerability_id":"VCID-53pj-pwxv-qqhv","summary":"Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4862.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4862.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4862","reference_id":"","reference_type":"","scores":[{"value":"0.92585","scoring_system":"epss","scoring_elements":"0.99755","published_at":"2026-06-05T12:55:00Z"},{"value":"0.92585","scoring_system":"epss","scoring_elements":"0.99756","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=770325","reference_id":"770325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=770325"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/remote/18369.rb","reference_id":"CVE-2011-4862;OSVDB-78020","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/remote/18369.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18280.c","reference_id":"CVE-2011-4862;OSVDB-78020","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18280.c"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18368.rb","reference_id":"CVE-2011-4862;OSVDB-78020","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18368.rb"},{"reference_url":"https://security.gentoo.org/glsa/201201-14","reference_id":"GLSA-201201-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-14"},{"reference_url":"https://security.gentoo.org/glsa/201202-05","reference_id":"GLSA-201202-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1851","reference_id":"RHSA-2011:1851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1852","reference_id":"RHSA-2011:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1853","reference_id":"RHSA-2011:1853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1854","reference_id":"RHSA-2011:1854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2011-4862"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53pj-pwxv-qqhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75005?format=json","vulnerability_id":"VCID-596a-s3un-vbbc","summary":"The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9421.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9421.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9421","reference_id":"","reference_type":"","scores":[{"value":"0.05356","scoring_system":"epss","scoring_elements":"0.90245","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05356","scoring_system":"epss","scoring_elements":"0.90261","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05356","scoring_system":"epss","scoring_elements":"0.90259","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179857","reference_id":"1179857","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0794","reference_id":"RHSA-2015:0794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0794"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-9421"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-596a-s3un-vbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74970?format=json","vulnerability_id":"VCID-5jja-ssqm-skhu","summary":"MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1323.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1323.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1323","reference_id":"","reference_type":"","scores":[{"value":"0.04735","scoring_system":"epss","scoring_elements":"0.89594","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04735","scoring_system":"epss","scoring_elements":"0.89612","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04735","scoring_system":"epss","scoring_elements":"0.89611","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553","reference_id":"605553","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=648734","reference_id":"648734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=648734"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0925","reference_id":"RHSA-2010:0925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0926","reference_id":"RHSA-2010:0926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0926"},{"reference_url":"https://usn.ubuntu.com/1030-1/","reference_id":"USN-1030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1030-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2010-1323"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jja-ssqm-skhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74957?format=json","vulnerability_id":"VCID-5thq-ff3f-h7f6","summary":"The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0844.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0844","reference_id":"","reference_type":"","scores":[{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.8769","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87711","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87713","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=491033","reference_id":"491033","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=491033"},{"reference_url":"https://security.gentoo.org/glsa/200904-09","reference_id":"GLSA-200904-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0408","reference_id":"RHSA-2009:0408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0408"},{"reference_url":"https://usn.ubuntu.com/755-1/","reference_id":"USN-755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/755-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2009-0844"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5thq-ff3f-h7f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75004?format=json","vulnerability_id":"VCID-6jnk-3rfw-nkh8","summary":"MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5355.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5355.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5355","reference_id":"","reference_type":"","scores":[{"value":"0.08201","scoring_system":"epss","scoring_elements":"0.92352","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08201","scoring_system":"epss","scoring_elements":"0.92366","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08201","scoring_system":"epss","scoring_elements":"0.92362","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1193939","reference_id":"1193939","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1193939"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778647","reference_id":"778647","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0794","reference_id":"RHSA-2015:0794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2154","reference_id":"RHSA-2015:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2154"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-5355"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jnk-3rfw-nkh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74973?format=json","vulnerability_id":"VCID-7ey4-ge6f-9uct","summary":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a \"KrbFastReq forgery issue.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4021.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4021","reference_id":"","reference_type":"","scores":[{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.64922","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.64965","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.64975","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4021"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=648736","reference_id":"648736","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=648736"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://usn.ubuntu.com/1030-1/","reference_id":"USN-1030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1030-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2010-4021"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ey4-ge6f-9uct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74874?format=json","vulnerability_id":"VCID-7wnb-bhuv-tycp","summary":"schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-2443.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-2443.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-2443","reference_id":"","reference_type":"","scores":[{"value":"0.15013","scoring_system":"epss","scoring_elements":"0.94695","published_at":"2026-06-04T12:55:00Z"},{"value":"0.15013","scoring_system":"epss","scoring_elements":"0.94704","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-2443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267","reference_id":"708267","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=962531","reference_id":"962531","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=962531"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0942","reference_id":"RHSA-2013:0942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0942"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2002-2443"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wnb-bhuv-tycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74982?format=json","vulnerability_id":"VCID-8fxt-3wg4-dkbb","summary":"The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1529.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1529","reference_id":"","reference_type":"","scores":[{"value":"0.02376","scoring_system":"epss","scoring_elements":"0.85263","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02376","scoring_system":"epss","scoring_elements":"0.85287","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02376","scoring_system":"epss","scoring_elements":"0.85292","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1529"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367","reference_id":"646367","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711","reference_id":"737711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1379","reference_id":"RHSA-2011:1379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1379"},{"reference_url":"https://usn.ubuntu.com/1233-1/","reference_id":"USN-1233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-1529"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fxt-3wg4-dkbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74963?format=json","vulnerability_id":"VCID-9axv-m7xk-quax","summary":"Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4212.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4212","reference_id":"","reference_type":"","scores":[{"value":"0.16485","scoring_system":"epss","scoring_elements":"0.95019","published_at":"2026-06-04T12:55:00Z"},{"value":"0.16485","scoring_system":"epss","scoring_elements":"0.95028","published_at":"2026-06-05T12:55:00Z"},{"value":"0.16485","scoring_system":"epss","scoring_elements":"0.95029","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=545015","reference_id":"545015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=545015"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0029","reference_id":"RHSA-2010:0029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0029"},{"reference_url":"https://usn.ubuntu.com/881-1/","reference_id":"USN-881-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/881-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2009-4212"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9axv-m7xk-quax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74966?format=json","vulnerability_id":"VCID-a4cc-w95t-8fh6","summary":"Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0629.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0629","reference_id":"","reference_type":"","scores":[{"value":"0.02284","scoring_system":"epss","scoring_elements":"0.84991","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02284","scoring_system":"epss","scoring_elements":"0.85015","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02284","scoring_system":"epss","scoring_elements":"0.85019","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0629"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=576011","reference_id":"576011","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=576011"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0343","reference_id":"RHSA-2010:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0343"},{"reference_url":"https://usn.ubuntu.com/924-1/","reference_id":"USN-924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2010-0629"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4cc-w95t-8fh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74985?format=json","vulnerability_id":"VCID-at3s-18x4-n7e2","summary":"server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1012.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1012.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1012","reference_id":"","reference_type":"","scores":[{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47041","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47106","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47109","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1012"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670918","reference_id":"670918","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670918"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=796438","reference_id":"796438","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=796438"},{"reference_url":"https://usn.ubuntu.com/1520-1/","reference_id":"USN-1520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2012-1012"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-at3s-18x4-n7e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75008?format=json","vulnerability_id":"VCID-b6a9-hnjx-c3gk","summary":"The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2694","reference_id":"","reference_type":"","scores":[{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75903","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75929","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216133","reference_id":"1216133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216133"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557","reference_id":"783557","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2154","reference_id":"RHSA-2015:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2154"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-2694"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6a9-hnjx-c3gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74993?format=json","vulnerability_id":"VCID-bdmc-p544-bfg9","summary":"do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1417.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1417.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1417","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68062","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68101","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68109","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1030743","reference_id":"1030743","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1030743"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730085","reference_id":"730085","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730085"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2013-1417"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdmc-p544-bfg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74984?format=json","vulnerability_id":"VCID-bg27-2hv6-m7cx","summary":"The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4151.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4151.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4151","reference_id":"","reference_type":"","scores":[{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79308","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79313","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367","reference_id":"646367","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711","reference_id":"737711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-4151"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bg27-2hv6-m7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74974?format=json","vulnerability_id":"VCID-bkdg-dybz-t3fy","summary":"The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process \"exits abnormally,\" which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4022.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4022","reference_id":"","reference_type":"","scores":[{"value":"0.08988","scoring_system":"epss","scoring_elements":"0.92761","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08988","scoring_system":"epss","scoring_elements":"0.92774","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08988","scoring_system":"epss","scoring_elements":"0.92769","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=664009","reference_id":"664009","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=664009"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0200","reference_id":"RHSA-2011:0200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0200"},{"reference_url":"https://usn.ubuntu.com/1062-1/","reference_id":"USN-1062-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1062-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2010-4022"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bkdg-dybz-t3fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74991?format=json","vulnerability_id":"VCID-bkqm-d2bp-f7fe","summary":"The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1416.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1416.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1416","reference_id":"","reference_type":"","scores":[{"value":"0.02274","scoring_system":"epss","scoring_elements":"0.84961","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02274","scoring_system":"epss","scoring_elements":"0.84985","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02274","scoring_system":"epss","scoring_elements":"0.84989","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704775","reference_id":"704775","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=949984","reference_id":"949984","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=949984"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0748","reference_id":"RHSA-2013:0748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0748"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2013-1416"],"risk_score":1.0,"exploitability":"0.5","weighted_severity":"2.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bkqm-d2bp-f7fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74902?format=json","vulnerability_id":"VCID-c2t4-3vdu-wqf1","summary":"Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0488.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0488.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0488","reference_id":"","reference_type":"","scores":[{"value":"0.11677","scoring_system":"epss","scoring_elements":"0.93808","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11677","scoring_system":"epss","scoring_elements":"0.93817","published_at":"2026-06-05T12:55:00Z"},{"value":"0.11677","scoring_system":"epss","scoring_elements":"0.93816","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0488"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617531","reference_id":"1617531","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:504","reference_id":"RHSA-2005:504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:504"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:562","reference_id":"RHSA-2005:562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:562"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2005-0488"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2t4-3vdu-wqf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74967?format=json","vulnerability_id":"VCID-c3qw-eazy-nyer","summary":"Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1320.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1320.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1320","reference_id":"","reference_type":"","scores":[{"value":"0.22068","scoring_system":"epss","scoring_elements":"0.95892","published_at":"2026-06-04T12:55:00Z"},{"value":"0.22068","scoring_system":"epss","scoring_elements":"0.95896","published_at":"2026-06-05T12:55:00Z"},{"value":"0.22068","scoring_system":"epss","scoring_elements":"0.95899","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1320"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1320","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1320"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490","reference_id":"577490","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=581922","reference_id":"581922","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=581922"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33855.txt","reference_id":"CVE-2010-1320;OSVDB-63975","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33855.txt"},{"reference_url":"https://www.securityfocus.com/bid/39599/info","reference_id":"CVE-2010-1320;OSVDB-63975","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/39599/info"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://usn.ubuntu.com/940-1/","reference_id":"USN-940-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/940-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2010-1320"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3qw-eazy-nyer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74972?format=json","vulnerability_id":"VCID-c5ev-cgh8-3kda","summary":"MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4020.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4020","reference_id":"","reference_type":"","scores":[{"value":"0.00535","scoring_system":"epss","scoring_elements":"0.67786","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00535","scoring_system":"epss","scoring_elements":"0.67826","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00535","scoring_system":"epss","scoring_elements":"0.67833","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4020"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553","reference_id":"605553","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=648735","reference_id":"648735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=648735"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0925","reference_id":"RHSA-2010:0925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0925"},{"reference_url":"https://usn.ubuntu.com/1030-1/","reference_id":"USN-1030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1030-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2010-4020"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5ev-cgh8-3kda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75023?format=json","vulnerability_id":"VCID-c5he-57zg-fybc","summary":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5729.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5729.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5729","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22938","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2302","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.23006","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1551083","reference_id":"1551083","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1551083"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869","reference_id":"891869","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869"},{"reference_url":"https://security.archlinux.org/ASA-201806-3","reference_id":"ASA-201806-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-3"},{"reference_url":"https://security.archlinux.org/AVG-586","reference_id":"AVG-586","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3071","reference_id":"RHSA-2018:3071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3071"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2018-5729"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5he-57zg-fybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74961?format=json","vulnerability_id":"VCID-d2qf-r6jd-r3c7","summary":"The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0847.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0847.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0847","reference_id":"","reference_type":"","scores":[{"value":"0.20287","scoring_system":"epss","scoring_elements":"0.95633","published_at":"2026-06-04T12:55:00Z"},{"value":"0.20287","scoring_system":"epss","scoring_elements":"0.95639","published_at":"2026-06-05T12:55:00Z"},{"value":"0.20287","scoring_system":"epss","scoring_elements":"0.95643","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=491034","reference_id":"491034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=491034"},{"reference_url":"https://security.gentoo.org/glsa/200904-09","reference_id":"GLSA-200904-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-09"},{"reference_url":"https://usn.ubuntu.com/755-1/","reference_id":"USN-755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/755-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2009-0847"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d2qf-r6jd-r3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74978?format=json","vulnerability_id":"VCID-d42v-zwu4-a3ge","summary":"Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0284.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0284.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0284","reference_id":"","reference_type":"","scores":[{"value":"0.2264","scoring_system":"epss","scoring_elements":"0.9596","published_at":"2026-06-04T12:55:00Z"},{"value":"0.2264","scoring_system":"epss","scoring_elements":"0.95964","published_at":"2026-06-05T12:55:00Z"},{"value":"0.2264","scoring_system":"epss","scoring_elements":"0.95968","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618517","reference_id":"618517","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618517"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=674325","reference_id":"674325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=674325"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0356","reference_id":"RHSA-2011:0356","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0356"},{"reference_url":"https://usn.ubuntu.com/1088-1/","reference_id":"USN-1088-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1088-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-0284"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d42v-zwu4-a3ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74988?format=json","vulnerability_id":"VCID-d53g-faqf-gfdp","summary":"The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1015.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1015.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1015","reference_id":"","reference_type":"","scores":[{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79537","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79563","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79569","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429","reference_id":"683429","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=838012","reference_id":"838012","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=838012"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1131","reference_id":"RHSA-2012:1131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1131"},{"reference_url":"https://usn.ubuntu.com/1520-1/","reference_id":"USN-1520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2012-1015"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d53g-faqf-gfdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75007?format=json","vulnerability_id":"VCID-dbaq-qjd2-d7c9","summary":"The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9423.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9423.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9423","reference_id":"","reference_type":"","scores":[{"value":"0.01537","scoring_system":"epss","scoring_elements":"0.81674","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01537","scoring_system":"epss","scoring_elements":"0.81705","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179863","reference_id":"1179863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-9423"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dbaq-qjd2-d7c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75018?format=json","vulnerability_id":"VCID-e1xu-a882-s3ga","summary":"The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3120.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3120","reference_id":"","reference_type":"","scores":[{"value":"0.0432","scoring_system":"epss","scoring_elements":"0.89087","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0432","scoring_system":"epss","scoring_elements":"0.89104","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0432","scoring_system":"epss","scoring_elements":"0.89105","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1361050","reference_id":"1361050","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1361050"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832572","reference_id":"832572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2591","reference_id":"RHSA-2016:2591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2591"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2016-3120"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1xu-a882-s3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75027?format=json","vulnerability_id":"VCID-ekzs-tuvp-ybfq","summary":"ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36222.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36222.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36222","reference_id":"","reference_type":"","scores":[{"value":"0.06615","scoring_system":"epss","scoring_elements":"0.91351","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06615","scoring_system":"epss","scoring_elements":"0.91364","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06615","scoring_system":"epss","scoring_elements":"0.91366","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1983720","reference_id":"1983720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1983720"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991365","reference_id":"991365","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991365"},{"reference_url":"https://security.archlinux.org/AVG-2173","reference_id":"AVG-2173","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2173"},{"reference_url":"https://security.gentoo.org/glsa/202405-11","reference_id":"GLSA-202405-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3576","reference_id":"RHSA-2021:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3576"},{"reference_url":"https://usn.ubuntu.com/5959-1/","reference_id":"USN-5959-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5959-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2021-36222"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekzs-tuvp-ybfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74994?format=json","vulnerability_id":"VCID-esm3-3qwz-cud2","summary":"The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1418.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1418","reference_id":"","reference_type":"","scores":[{"value":"0.07674","scoring_system":"epss","scoring_elements":"0.92046","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07674","scoring_system":"epss","scoring_elements":"0.92058","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07674","scoring_system":"epss","scoring_elements":"0.92056","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1026942","reference_id":"1026942","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1026942"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728845","reference_id":"728845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728845"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1245","reference_id":"RHSA-2014:1245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2013-1418"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esm3-3qwz-cud2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74989?format=json","vulnerability_id":"VCID-ezm2-e8zw-g7dg","summary":"The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1016.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1016","reference_id":"","reference_type":"","scores":[{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71018","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.7106","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71067","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702633","reference_id":"702633","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702633"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=917840","reference_id":"917840","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=917840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0656","reference_id":"RHSA-2013:0656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0656"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2012-1016"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezm2-e8zw-g7dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74995?format=json","vulnerability_id":"VCID-f343-u3jt-pkfy","summary":"MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4341.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4341.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4341","reference_id":"","reference_type":"","scores":[{"value":"0.14451","scoring_system":"epss","scoring_elements":"0.94559","published_at":"2026-06-04T12:55:00Z"},{"value":"0.14451","scoring_system":"epss","scoring_elements":"0.94567","published_at":"2026-06-05T12:55:00Z"},{"value":"0.14451","scoring_system":"epss","scoring_elements":"0.94569","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1116180","reference_id":"1116180","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1116180"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753624","reference_id":"753624","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753624"},{"reference_url":"https://security.gentoo.org/glsa/201412-53","reference_id":"GLSA-201412-53","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1245","reference_id":"RHSA-2014:1245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-4341"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f343-u3jt-pkfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74965?format=json","vulnerability_id":"VCID-f72c-txrr-ukga","summary":"The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0628.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0628.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0628","reference_id":"","reference_type":"","scores":[{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76405","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76433","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76434","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=566258","reference_id":"566258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=566258"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575740","reference_id":"575740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575740"},{"reference_url":"https://usn.ubuntu.com/916-1/","reference_id":"USN-916-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/916-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2010-0628"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f72c-txrr-ukga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75011?format=json","vulnerability_id":"VCID-fcy5-mv1a-n7dh","summary":"The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2697.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2697","reference_id":"","reference_type":"","scores":[{"value":"0.05447","scoring_system":"epss","scoring_elements":"0.90342","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05447","scoring_system":"epss","scoring_elements":"0.90357","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05447","scoring_system":"epss","scoring_elements":"0.90356","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275863","reference_id":"1275863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275863"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803088","reference_id":"803088","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803088"},{"reference_url":"https://security.gentoo.org/glsa/201611-14","reference_id":"GLSA-201611-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201611-14"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6251?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-2697"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fcy5-mv1a-n7dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75014?format=json","vulnerability_id":"VCID-fvfb-k9ar-93eu","summary":"The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8630.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8630.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8630","reference_id":"","reference_type":"","scores":[{"value":"0.03623","scoring_system":"epss","scoring_elements":"0.88014","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03623","scoring_system":"epss","scoring_elements":"0.88034","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03623","scoring_system":"epss","scoring_elements":"0.88038","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302632","reference_id":"1302632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302632"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127","reference_id":"813127","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0532","reference_id":"RHSA-2016:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-8630"],"risk_score":0.6,"exploitability":"0.5","weighted_severity":"1.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fvfb-k9ar-93eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74964?format=json","vulnerability_id":"VCID-g9nw-c9d1-a3er","summary":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0283.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0283.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0283","reference_id":"","reference_type":"","scores":[{"value":"0.03728","scoring_system":"epss","scoring_elements":"0.88194","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03728","scoring_system":"epss","scoring_elements":"0.88214","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03728","scoring_system":"epss","scoring_elements":"0.88217","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0283"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=556680","reference_id":"556680","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=556680"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://usn.ubuntu.com/916-1/","reference_id":"USN-916-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/916-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2010-0283"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9nw-c9d1-a3er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75016?format=json","vulnerability_id":"VCID-h23e-nhyz-8uda","summary":"The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3119.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3119.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3119","reference_id":"","reference_type":"","scores":[{"value":"0.10203","scoring_system":"epss","scoring_elements":"0.93271","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10203","scoring_system":"epss","scoring_elements":"0.93283","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319616","reference_id":"1319616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319616"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819468","reference_id":"819468","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2591","reference_id":"RHSA-2016:2591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2591"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2016-3119"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h23e-nhyz-8uda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74990?format=json","vulnerability_id":"VCID-hre7-pp7p-13fs","summary":"The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1415.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1415.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1415","reference_id":"","reference_type":"","scores":[{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81961","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81994","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81995","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=914749","reference_id":"914749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=914749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0656","reference_id":"RHSA-2013:0656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0656"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2013-1415"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hre7-pp7p-13fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6879?format=json","vulnerability_id":"VCID-husp-fm64-nfa9","summary":"denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37750","reference_id":"","reference_type":"","scores":[{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72752","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72791","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72799","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1996834","reference_id":"1996834","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1996834"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992607","reference_id":"992607","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992607"},{"reference_url":"https://security.archlinux.org/AVG-2312","reference_id":"AVG-2312","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2312"},{"reference_url":"https://security.gentoo.org/glsa/202405-11","reference_id":"GLSA-202405-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3576","reference_id":"RHSA-2021:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4788","reference_id":"RHSA-2021:4788","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4788"},{"reference_url":"https://usn.ubuntu.com/5959-1/","reference_id":"USN-5959-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5959-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2021-37750"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-husp-fm64-nfa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74998?format=json","vulnerability_id":"VCID-j145-f5mp-xkeq","summary":"The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4344.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4344.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4344","reference_id":"","reference_type":"","scores":[{"value":"0.0527","scoring_system":"epss","scoring_elements":"0.90169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0527","scoring_system":"epss","scoring_elements":"0.90185","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0527","scoring_system":"epss","scoring_elements":"0.90183","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1121877","reference_id":"1121877","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1121877"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521","reference_id":"755521","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1245","reference_id":"RHSA-2014:1245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-4344"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j145-f5mp-xkeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75024?format=json","vulnerability_id":"VCID-j6qa-q1h1-3uaq","summary":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5730.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5730.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5730","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69208","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69217","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1551082","reference_id":"1551082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1551082"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869","reference_id":"891869","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869"},{"reference_url":"https://security.archlinux.org/ASA-201806-3","reference_id":"ASA-201806-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-3"},{"reference_url":"https://security.archlinux.org/AVG-586","reference_id":"AVG-586","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3071","reference_id":"RHSA-2018:3071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3071"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2018-5730"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6qa-q1h1-3uaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74987?format=json","vulnerability_id":"VCID-jbf6-vrjc-syg1","summary":"The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1014.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1014.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1014","reference_id":"","reference_type":"","scores":[{"value":"0.04152","scoring_system":"epss","scoring_elements":"0.88861","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04152","scoring_system":"epss","scoring_elements":"0.88878","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1014"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429","reference_id":"683429","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=838014","reference_id":"838014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=838014"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"},{"reference_url":"https://usn.ubuntu.com/1520-1/","reference_id":"USN-1520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2012-1014"],"risk_score":1.0,"exploitability":"0.5","weighted_severity":"2.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbf6-vrjc-syg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6806?format=json","vulnerability_id":"VCID-jfhc-x8j6-yuab","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37370.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37370","reference_id":"","reference_type":"","scores":[{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.68171","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.68162","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294677","reference_id":"2294677","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294677"},{"reference_url":"https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef","reference_id":"55fbf435edbe2e92dd8101669b1ce7144bc96fef","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T15:25:49Z/"}],"url":"https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef"},{"reference_url":"https://web.mit.edu/kerberos/www/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T15:25:49Z/"}],"url":"https://web.mit.edu/kerberos/www/advisories/"},{"reference_url":"https://security.archlinux.org/AVG-2856","reference_id":"AVG-2856","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10135","reference_id":"RHSA-2024:10135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11109","reference_id":"RHSA-2024:11109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4734","reference_id":"RHSA-2024:4734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4743","reference_id":"RHSA-2024:4743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5076","reference_id":"RHSA-2024:5076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5312","reference_id":"RHSA-2024:5312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5316","reference_id":"RHSA-2024:5316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5625","reference_id":"RHSA-2024:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5630","reference_id":"RHSA-2024:5630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5643","reference_id":"RHSA-2024:5643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5884","reference_id":"RHSA-2024:5884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6166","reference_id":"RHSA-2024:6166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7213","reference_id":"RHSA-2024:7213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7374","reference_id":"RHSA-2024:7374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7374"},{"reference_url":"https://usn.ubuntu.com/6947-1/","reference_id":"USN-6947-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6947-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2024-37370"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jfhc-x8j6-yuab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74975?format=json","vulnerability_id":"VCID-ksar-xuza-8kg7","summary":"The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0281.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0281.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0281","reference_id":"","reference_type":"","scores":[{"value":"0.10754","scoring_system":"epss","scoring_elements":"0.93472","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10754","scoring_system":"epss","scoring_elements":"0.93483","published_at":"2026-06-05T12:55:00Z"},{"value":"0.10754","scoring_system":"epss","scoring_elements":"0.93484","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=668719","reference_id":"668719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=668719"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0199","reference_id":"RHSA-2011:0199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0200","reference_id":"RHSA-2011:0200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0200"},{"reference_url":"https://usn.ubuntu.com/1062-1/","reference_id":"USN-1062-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1062-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-0281"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksar-xuza-8kg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74969?format=json","vulnerability_id":"VCID-kszc-uv1w-syb1","summary":"The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1322.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1322.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1322","reference_id":"","reference_type":"","scores":[{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.8121","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.81238","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01463","scoring_system":"epss","scoring_elements":"0.81241","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1322"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1322","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1322"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599237","reference_id":"599237","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599237"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=636335","reference_id":"636335","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=636335"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0863","reference_id":"RHSA-2010:0863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0863"},{"reference_url":"https://usn.ubuntu.com/999-1/","reference_id":"USN-999-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/999-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2010-1322"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kszc-uv1w-syb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74979?format=json","vulnerability_id":"VCID-ktuq-s8bz-1qam","summary":"The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0285.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0285","reference_id":"","reference_type":"","scores":[{"value":"0.54024","scoring_system":"epss","scoring_elements":"0.98055","published_at":"2026-06-04T12:55:00Z"},{"value":"0.54024","scoring_system":"epss","scoring_elements":"0.98057","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0285"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622681","reference_id":"622681","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622681"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=696334","reference_id":"696334","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=696334"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35606.txt","reference_id":"CVE-2011-0285;OSVDB-71789","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35606.txt"},{"reference_url":"https://www.securityfocus.com/bid/47310/info","reference_id":"CVE-2011-0285;OSVDB-71789","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/47310/info"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0447","reference_id":"RHSA-2011:0447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0447"},{"reference_url":"https://usn.ubuntu.com/1116-1/","reference_id":"USN-1116-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1116-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-0285"],"risk_score":1.0,"exploitability":"2.0","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktuq-s8bz-1qam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75026?format=json","vulnerability_id":"VCID-kwy5-x7m9-4qgt","summary":"MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28196.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28196","reference_id":"","reference_type":"","scores":[{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.76818","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.76779","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.76812","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901041","reference_id":"1901041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901041"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/","reference_id":"45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/"},{"reference_url":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd","reference_id":"57415dda6cf04e73ffc3723be518eddfae599bfd","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/","reference_id":"73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973880","reference_id":"973880","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973880"},{"reference_url":"https://www.debian.org/security/2020/dsa-4795","reference_id":"dsa-4795","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://www.debian.org/security/2020/dsa-4795"},{"reference_url":"https://security.gentoo.org/glsa/202011-17","reference_id":"GLSA-202011-17","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://security.gentoo.org/glsa/202011-17"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/","reference_id":"KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html","reference_id":"msg00011.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20201202-0001/","reference_id":"ntap-20201202-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://security.netapp.com/advisory/ntap-20201202-0001/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210513-0002/","reference_id":"ntap-20210513-0002","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210513-0002/"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1593","reference_id":"RHSA-2021:1593","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2239","reference_id":"RHSA-2021:2239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2239"},{"reference_url":"https://usn.ubuntu.com/4635-1/","reference_id":"USN-4635-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4635-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2020-28196"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwy5-x7m9-4qgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75012?format=json","vulnerability_id":"VCID-mbrk-dkua-uyeq","summary":"The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2698.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2698.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2698","reference_id":"","reference_type":"","scores":[{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75505","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75534","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75537","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2698"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1278951","reference_id":"1278951","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1278951"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-2698"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbrk-dkua-uyeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74986?format=json","vulnerability_id":"VCID-ny7t-pkm8-2fb4","summary":"The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1013.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1013","reference_id":"","reference_type":"","scores":[{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77794","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77821","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77828","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687647","reference_id":"687647","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687647"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827517","reference_id":"827517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1131","reference_id":"RHSA-2012:1131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1131"},{"reference_url":"https://usn.ubuntu.com/1520-1/","reference_id":"USN-1520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2012-1013"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ny7t-pkm8-2fb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74971?format=json","vulnerability_id":"VCID-pbeh-n41k-s7au","summary":"MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1324.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1324.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1324","reference_id":"","reference_type":"","scores":[{"value":"0.03499","scoring_system":"epss","scoring_elements":"0.87818","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03499","scoring_system":"epss","scoring_elements":"0.87839","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03499","scoring_system":"epss","scoring_elements":"0.87841","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1324"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553","reference_id":"605553","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=648674","reference_id":"648674","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=648674"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0925","reference_id":"RHSA-2010:0925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0925"},{"reference_url":"https://usn.ubuntu.com/1030-1/","reference_id":"USN-1030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1030-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2010-1324"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbeh-n41k-s7au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75010?format=json","vulnerability_id":"VCID-pj93-uzpy-3bg1","summary":"lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2696.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2696","reference_id":"","reference_type":"","scores":[{"value":"0.10768","scoring_system":"epss","scoring_elements":"0.93477","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10768","scoring_system":"epss","scoring_elements":"0.93488","published_at":"2026-06-05T12:55:00Z"},{"value":"0.10768","scoring_system":"epss","scoring_elements":"0.93489","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275869","reference_id":"1275869","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275869"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803084","reference_id":"803084","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803084"},{"reference_url":"https://security.gentoo.org/glsa/201611-14","reference_id":"GLSA-201611-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201611-14"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6251?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-2696"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pj93-uzpy-3bg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75034?format=json","vulnerability_id":"VCID-pq2d-33kw-ayb7","summary":"A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3576.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3576","reference_id":"","reference_type":"","scores":[{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48824","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48832","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103525","reference_id":"1103525","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103525"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359465","reference_id":"2359465","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359465"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3576","reference_id":"CVE-2025-3576","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-3576"},{"reference_url":"https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html","reference_id":"krb5-1.22.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11487","reference_id":"RHSA-2025:11487","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13664","reference_id":"RHSA-2025:13664","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13777","reference_id":"RHSA-2025:13777","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15000","reference_id":"RHSA-2025:15000","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15001","reference_id":"RHSA-2025:15001","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15002","reference_id":"RHSA-2025:15002","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15003","reference_id":"RHSA-2025:15003","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15004","reference_id":"RHSA-2025:15004","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8411","reference_id":"RHSA-2025:8411","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9418","reference_id":"RHSA-2025:9418","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9430","reference_id":"RHSA-2025:9430","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9430"},{"reference_url":"https://usn.ubuntu.com/7542-1/","reference_id":"USN-7542-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7542-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/773967?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4"}],"aliases":["CVE-2025-3576"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq2d-33kw-ayb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75009?format=json","vulnerability_id":"VCID-py4d-vrgu-5ueu","summary":"lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2695.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2695","reference_id":"","reference_type":"","scores":[{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89406","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89424","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89423","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275871","reference_id":"1275871","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275871"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803083","reference_id":"803083","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803083"},{"reference_url":"https://security.gentoo.org/glsa/201611-14","reference_id":"GLSA-201611-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201611-14"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6251?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-2695"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-py4d-vrgu-5ueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6466?format=json","vulnerability_id":"VCID-rgc3-hzw1-3bcp","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11462.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11462","reference_id":"","reference_type":"","scores":[{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77958","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77965","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77931","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488873","reference_id":"1488873","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488873"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873563","reference_id":"873563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873563"},{"reference_url":"https://security.archlinux.org/ASA-201710-8","reference_id":"ASA-201710-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-8"},{"reference_url":"https://security.archlinux.org/ASA-201710-9","reference_id":"ASA-201710-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-9"},{"reference_url":"https://security.archlinux.org/AVG-414","reference_id":"AVG-414","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-414"},{"reference_url":"https://security.archlinux.org/AVG-415","reference_id":"AVG-415","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-415"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2017-11462"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgc3-hzw1-3bcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75033?format=json","vulnerability_id":"VCID-s1hu-g4ns-5ydy","summary":"In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24528.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24528.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24528","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42956","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42945","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24528"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730","reference_id":"1094730","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342796","reference_id":"2342796","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342796"},{"reference_url":"https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0","reference_id":"78ceba024b64d49612375be4a12d1c066b0bfbd0","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T17:39:31Z/"}],"url":"https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"},{"reference_url":"https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final","reference_id":"krb5-1.21.3-final...krb5-1.22-final","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T17:39:31Z/"}],"url":"https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1352","reference_id":"RHSA-2025:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2722","reference_id":"RHSA-2025:2722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2789","reference_id":"RHSA-2025:2789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7067","reference_id":"RHSA-2025:7067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8385","reference_id":"RHSA-2025:8385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8385"},{"reference_url":"https://usn.ubuntu.com/7314-1/","reference_id":"USN-7314-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7314-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/773967?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4"}],"aliases":["CVE-2025-24528"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1hu-g4ns-5ydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74960?format=json","vulnerability_id":"VCID-sewn-mfcw-gygm","summary":"The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0846.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0846.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0846","reference_id":"","reference_type":"","scores":[{"value":"0.50005","scoring_system":"epss","scoring_elements":"0.97873","published_at":"2026-06-04T12:55:00Z"},{"value":"0.50005","scoring_system":"epss","scoring_elements":"0.97876","published_at":"2026-06-05T12:55:00Z"},{"value":"0.50005","scoring_system":"epss","scoring_elements":"0.97878","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0846"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=491036","reference_id":"491036","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=491036"},{"reference_url":"https://security.gentoo.org/glsa/200904-09","reference_id":"GLSA-200904-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200904-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0408","reference_id":"RHSA-2009:0408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0409","reference_id":"RHSA-2009:0409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:0410","reference_id":"RHSA-2009:0410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:0410"},{"reference_url":"https://usn.ubuntu.com/755-1/","reference_id":"USN-755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/755-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2009-0846"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sewn-mfcw-gygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74999?format=json","vulnerability_id":"VCID-t96y-1vd2-fqe3","summary":"Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4345.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4345.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4345","reference_id":"","reference_type":"","scores":[{"value":"0.11304","scoring_system":"epss","scoring_elements":"0.93669","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11304","scoring_system":"epss","scoring_elements":"0.93679","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128157","reference_id":"1128157","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128157"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757416","reference_id":"757416","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757416"},{"reference_url":"https://security.gentoo.org/glsa/201412-53","reference_id":"GLSA-201412-53","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1255","reference_id":"RHSA-2014:1255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-4345"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t96y-1vd2-fqe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6805?format=json","vulnerability_id":"VCID-tg7a-etmk-6fea","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37371.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37371.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37371","reference_id":"","reference_type":"","scores":[{"value":"0.02606","scoring_system":"epss","scoring_elements":"0.85933","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02606","scoring_system":"epss","scoring_elements":"0.8593","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294676","reference_id":"2294676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294676"},{"reference_url":"https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef","reference_id":"55fbf435edbe2e92dd8101669b1ce7144bc96fef","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:31:33Z/"}],"url":"https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef"},{"reference_url":"https://web.mit.edu/kerberos/www/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:31:33Z/"}],"url":"https://web.mit.edu/kerberos/www/advisories/"},{"reference_url":"https://security.archlinux.org/AVG-2856","reference_id":"AVG-2856","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10135","reference_id":"RHSA-2024:10135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11109","reference_id":"RHSA-2024:11109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4734","reference_id":"RHSA-2024:4734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4743","reference_id":"RHSA-2024:4743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5076","reference_id":"RHSA-2024:5076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5312","reference_id":"RHSA-2024:5312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5316","reference_id":"RHSA-2024:5316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5625","reference_id":"RHSA-2024:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5630","reference_id":"RHSA-2024:5630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5643","reference_id":"RHSA-2024:5643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5884","reference_id":"RHSA-2024:5884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6166","reference_id":"RHSA-2024:6166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7213","reference_id":"RHSA-2024:7213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7374","reference_id":"RHSA-2024:7374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1671","reference_id":"RHSA-2025:1671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1673","reference_id":"RHSA-2025:1673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1673"},{"reference_url":"https://usn.ubuntu.com/6947-1/","reference_id":"USN-6947-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6947-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2024-37371"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7a-etmk-6fea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61749?format=json","vulnerability_id":"VCID-u4y9-vrsc-wbdy","summary":"krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40356.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40356.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40356","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28625","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28666","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317","reference_id":"1135317","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463368","reference_id":"2463368","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463368"},{"reference_url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f","reference_id":"2e75f0d9362fb979f5fc92829431a590a130929f","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/"}],"url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"},{"reference_url":"https://web.mit.edu/kerberos/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/"}],"url":"https://web.mit.edu/kerberos/advisories/"},{"reference_url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html","reference_id":"krb5-two-unauthenticated-network-vulnerabilities.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/"}],"url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12220","reference_id":"RHSA-2026:12220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16799","reference_id":"RHSA-2026:16799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19145","reference_id":"RHSA-2026:19145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19357","reference_id":"RHSA-2026:19357","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19357"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22634","reference_id":"RHSA-2026:22634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22634"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/773967?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4"}],"aliases":["CVE-2026-40356"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4y9-vrsc-wbdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75013?format=json","vulnerability_id":"VCID-ukkj-tn8u-yuab","summary":"The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8629.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8629","reference_id":"","reference_type":"","scores":[{"value":"0.02043","scoring_system":"epss","scoring_elements":"0.8416","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02043","scoring_system":"epss","scoring_elements":"0.84183","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02043","scoring_system":"epss","scoring_elements":"0.84186","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302617","reference_id":"1302617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302617"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296","reference_id":"813296","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0493","reference_id":"RHSA-2016:0493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0532","reference_id":"RHSA-2016:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6251?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-8629"],"risk_score":0.6,"exploitability":"0.5","weighted_severity":"1.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkj-tn8u-yuab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75000?format=json","vulnerability_id":"VCID-v4b9-7gb8-7kf7","summary":"The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5351.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5351","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57614","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57666","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57674","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145425","reference_id":"1145425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145425"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762479","reference_id":"762479","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762479"},{"reference_url":"https://security.gentoo.org/glsa/201412-53","reference_id":"GLSA-201412-53","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-53"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-5351"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4b9-7gb8-7kf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75001?format=json","vulnerability_id":"VCID-vq2w-pgev-f7ha","summary":"The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5352.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5352.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5352","reference_id":"","reference_type":"","scores":[{"value":"0.05407","scoring_system":"epss","scoring_elements":"0.90302","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05407","scoring_system":"epss","scoring_elements":"0.90317","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05407","scoring_system":"epss","scoring_elements":"0.90316","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179856","reference_id":"1179856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0794","reference_id":"RHSA-2015:0794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0794"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-5352"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vq2w-pgev-f7ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74899?format=json","vulnerability_id":"VCID-vuzh-e7pz-fqgt","summary":"The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0971.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0971.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0971","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28583","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28656","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28615","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617336","reference_id":"1617336","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617336"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278271","reference_id":"278271","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:012","reference_id":"RHSA-2005:012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:012"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2004-0971"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vuzh-e7pz-fqgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74976?format=json","vulnerability_id":"VCID-vxvk-vwan-ukak","summary":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0282.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0282","reference_id":"","reference_type":"","scores":[{"value":"0.09562","scoring_system":"epss","scoring_elements":"0.93013","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09562","scoring_system":"epss","scoring_elements":"0.93024","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09562","scoring_system":"epss","scoring_elements":"0.93021","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=668726","reference_id":"668726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=668726"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0199","reference_id":"RHSA-2011:0199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0200","reference_id":"RHSA-2011:0200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0200"},{"reference_url":"https://usn.ubuntu.com/1062-1/","reference_id":"USN-1062-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1062-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-0282"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxvk-vwan-ukak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3527?format=json","vulnerability_id":"VCID-wc2t-bbf1-mua5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42898.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42898.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42898","reference_id":"","reference_type":"","scores":[{"value":"0.10832","scoring_system":"epss","scoring_elements":"0.935","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10832","scoring_system":"epss","scoring_elements":"0.93511","published_at":"2026-06-06T12:55:00Z"},{"value":"0.10832","scoring_system":"epss","scoring_elements":"0.9351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187","reference_id":"1024187","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267","reference_id":"1024267","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140960","reference_id":"2140960","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140960"},{"reference_url":"https://web.mit.edu/kerberos/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://web.mit.edu/kerberos/advisories/"},{"reference_url":"https://security.archlinux.org/AVG-2828","reference_id":"AVG-2828","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2828"},{"reference_url":"https://www.samba.org/samba/security/CVE-2022-42898.html","reference_id":"CVE-2022-42898.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://www.samba.org/samba/security/CVE-2022-42898.html"},{"reference_url":"https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583","reference_id":"ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"},{"reference_url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c","reference_id":"GHSA-64mq-fvfj-5x3c","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"},{"reference_url":"https://security.gentoo.org/glsa/202309-06","reference_id":"GLSA-202309-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.gentoo.org/glsa/202309-06"},{"reference_url":"https://security.gentoo.org/glsa/202310-06","reference_id":"GLSA-202310-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.gentoo.org/glsa/202310-06"},{"reference_url":"https://security.gentoo.org/glsa/202405-11","reference_id":"GLSA-202405-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-11"},{"reference_url":"https://web.mit.edu/kerberos/krb5-1.19/","reference_id":"krb5-1.19","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://web.mit.edu/kerberos/krb5-1.19/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230216-0008/","reference_id":"ntap-20230216-0008","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230216-0008/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230223-0001/","reference_id":"ntap-20230223-0001","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230223-0001/"},{"reference_url":"https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt","reference_id":"README-1.20.1.txt","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8637","reference_id":"RHSA-2022:8637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8638","reference_id":"RHSA-2022:8638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8639","reference_id":"RHSA-2022:8639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8640","reference_id":"RHSA-2022:8640","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8640"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8641","reference_id":"RHSA-2022:8641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8648","reference_id":"RHSA-2022:8648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8662","reference_id":"RHSA-2022:8662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8663","reference_id":"RHSA-2022:8663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8669","reference_id":"RHSA-2022:8669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9029","reference_id":"RHSA-2022:9029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9029"},{"reference_url":"https://bugzilla.samba.org/show_bug.cgi?id=15203","reference_id":"show_bug.cgi?id=15203","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://bugzilla.samba.org/show_bug.cgi?id=15203"},{"reference_url":"https://usn.ubuntu.com/5800-1/","reference_id":"USN-5800-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5800-1/"},{"reference_url":"https://usn.ubuntu.com/5822-1/","reference_id":"USN-5822-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5822-1/"},{"reference_url":"https://usn.ubuntu.com/5828-1/","reference_id":"USN-5828-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5828-1/"},{"reference_url":"https://usn.ubuntu.com/5936-1/","reference_id":"USN-5936-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5936-1/"},{"reference_url":"https://usn.ubuntu.com/7582-1/","reference_id":"USN-7582-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7582-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2022-42898"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc2t-bbf1-mua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75028?format=json","vulnerability_id":"VCID-xmhu-nkgw-kybr","summary":"lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36054","reference_id":"","reference_type":"","scores":[{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78377","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78368","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431","reference_id":"1043431","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230178","reference_id":"2230178","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230178"},{"reference_url":"https://web.mit.edu/kerberos/www/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://web.mit.edu/kerberos/www/advisories/"},{"reference_url":"https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd","reference_id":"ef08b09c9459551aabbe7924fb176f1583053cdd","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd"},{"reference_url":"https://security.gentoo.org/glsa/202405-11","reference_id":"GLSA-202405-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-11"},{"reference_url":"https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final","reference_id":"krb5-1.20.1-final...krb5-1.20.2-final","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final"},{"reference_url":"https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final","reference_id":"krb5-1.21-final...krb5-1.21.1-final","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html","reference_id":"msg00031.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230908-0004/","reference_id":"ntap-20230908-0004","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230908-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6699","reference_id":"RHSA-2023:6699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6699"},{"reference_url":"https://usn.ubuntu.com/6467-1/","reference_id":"USN-6467-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6467-1/"},{"reference_url":"https://usn.ubuntu.com/6467-2/","reference_id":"USN-6467-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6467-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2023-36054"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmhu-nkgw-kybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4357?format=json","vulnerability_id":"VCID-yejf-124s-hqgx","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15088.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15088.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15088","reference_id":"","reference_type":"","scores":[{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.79965","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.7994","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.7997","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1504045","reference_id":"1504045","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1504045"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698","reference_id":"871698","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698"},{"reference_url":"https://security.archlinux.org/AVG-505","reference_id":"AVG-505","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-505"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2017-15088"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yejf-124s-hqgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6467?format=json","vulnerability_id":"VCID-yr93-awkm-v7ay","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11368.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11368.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11368","reference_id":"","reference_type":"","scores":[{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.72042","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.72049","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.72001","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:C"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1473560","reference_id":"1473560","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1473560"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260","reference_id":"869260","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260"},{"reference_url":"https://security.archlinux.org/ASA-201710-8","reference_id":"ASA-201710-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-8"},{"reference_url":"https://security.archlinux.org/AVG-414","reference_id":"AVG-414","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-414"},{"reference_url":"https://security.archlinux.org/AVG-436","reference_id":"AVG-436","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0666","reference_id":"RHSA-2018:0666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0666"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2017-11368"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yr93-awkm-v7ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72437?format=json","vulnerability_id":"VCID-yy22-6ztx-67d4","summary":"The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1321.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1321.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1321","reference_id":"","reference_type":"","scores":[{"value":"0.01857","scoring_system":"epss","scoring_elements":"0.8339","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01857","scoring_system":"epss","scoring_elements":"0.83414","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01857","scoring_system":"epss","scoring_elements":"0.83415","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1321"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582261","reference_id":"582261","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582261"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=582466","reference_id":"582466","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=582466"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0423","reference_id":"RHSA-2010:0423","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0873","reference_id":"RHSA-2010:0873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0935","reference_id":"RHSA-2010:0935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0152","reference_id":"RHSA-2011:0152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0152"},{"reference_url":"https://usn.ubuntu.com/940-1/","reference_id":"USN-940-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/940-1/"},{"reference_url":"https://usn.ubuntu.com/940-2/","reference_id":"USN-940-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/940-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6247?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7"}],"aliases":["CVE-2010-1321"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yy22-6ztx-67d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74981?format=json","vulnerability_id":"VCID-zv6f-cpbv-a7b7","summary":"The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function.  NOTE: the Berkeley DB vector is covered by CVE-2011-4151.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1528.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1528.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1528","reference_id":"","reference_type":"","scores":[{"value":"0.05459","scoring_system":"epss","scoring_elements":"0.90354","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05459","scoring_system":"epss","scoring_elements":"0.9037","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05459","scoring_system":"epss","scoring_elements":"0.90368","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1528"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367","reference_id":"646367","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711","reference_id":"737711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1379","reference_id":"RHSA-2011:1379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1379"},{"reference_url":"https://usn.ubuntu.com/1233-1/","reference_id":"USN-1233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-1528"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zv6f-cpbv-a7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74996?format=json","vulnerability_id":"VCID-zxdc-pv4q-myb6","summary":"MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4342.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4342.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4342","reference_id":"","reference_type":"","scores":[{"value":"0.08139","scoring_system":"epss","scoring_elements":"0.92317","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08139","scoring_system":"epss","scoring_elements":"0.92332","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08139","scoring_system":"epss","scoring_elements":"0.92329","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1120581","reference_id":"1120581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1120581"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753625","reference_id":"753625","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-4342"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxdc-pv4q-myb6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74946?format=json","vulnerability_id":"VCID-1sfq-jfju-2uh8","summary":"Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5902.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5902.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5902","reference_id":"","reference_type":"","scores":[{"value":"0.04002","scoring_system":"epss","scoring_elements":"0.8864","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04002","scoring_system":"epss","scoring_elements":"0.88657","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04002","scoring_system":"epss","scoring_elements":"0.88658","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=415341","reference_id":"415341","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=415341"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974","reference_id":"454974","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974"},{"reference_url":"https://usn.ubuntu.com/924-1/","reference_id":"USN-924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/924-1/"},{"reference_url":"https://usn.ubuntu.com/940-1/","reference_id":"USN-940-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/940-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-5902"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sfq-jfju-2uh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74931?format=json","vulnerability_id":"VCID-2ca9-q5cr-guep","summary":"Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2443.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2443.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2443","reference_id":"","reference_type":"","scores":[{"value":"0.32345","scoring_system":"epss","scoring_elements":"0.96934","published_at":"2026-06-04T12:55:00Z"},{"value":"0.32345","scoring_system":"epss","scoring_elements":"0.96939","published_at":"2026-06-05T12:55:00Z"},{"value":"0.32345","scoring_system":"epss","scoring_elements":"0.96942","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=245548","reference_id":"245548","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=245548"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430787","reference_id":"430787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430787"},{"reference_url":"https://security.gentoo.org/glsa/200707-11","reference_id":"GLSA-200707-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200707-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0384","reference_id":"RHSA-2007:0384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0562","reference_id":"RHSA-2007:0562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0562"},{"reference_url":"https://usn.ubuntu.com/477-1/","reference_id":"USN-477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-2443"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ca9-q5cr-guep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74948?format=json","vulnerability_id":"VCID-2dct-5xex-6bhn","summary":"Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5971.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5971.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5971","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2369","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23785","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2377","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=415351","reference_id":"415351","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=415351"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974","reference_id":"454974","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974"},{"reference_url":"https://security.gentoo.org/glsa/200803-31","reference_id":"GLSA-200803-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200803-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0164","reference_id":"RHSA-2008:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0180","reference_id":"RHSA-2008:0180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0180"},{"reference_url":"https://usn.ubuntu.com/924-1/","reference_id":"USN-924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/924-1/"},{"reference_url":"https://usn.ubuntu.com/940-1/","reference_id":"USN-940-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/940-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-5971"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dct-5xex-6bhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74951?format=json","vulnerability_id":"VCID-2pmt-wrh2-kqgp","summary":"Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors.  NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5972.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5972.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5972","reference_id":"","reference_type":"","scores":[{"value":"0.01923","scoring_system":"epss","scoring_elements":"0.83691","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01923","scoring_system":"epss","scoring_elements":"0.83715","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=415361","reference_id":"415361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=415361"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974","reference_id":"454974","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974"},{"reference_url":"https://usn.ubuntu.com/924-1/","reference_id":"USN-924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/924-1/"},{"reference_url":"https://usn.ubuntu.com/940-1/","reference_id":"USN-940-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/940-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-5972"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pmt-wrh2-kqgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74943?format=json","vulnerability_id":"VCID-2ud2-gzrr-8bb9","summary":"Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.  NOTE: this might be the result of a typo in the source code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5901.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5901.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5901","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.2909","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29161","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29128","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=415321","reference_id":"415321","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=415321"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974","reference_id":"454974","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974"},{"reference_url":"https://security.gentoo.org/glsa/200803-31","reference_id":"GLSA-200803-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200803-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0164","reference_id":"RHSA-2008:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0164"},{"reference_url":"https://usn.ubuntu.com/924-1/","reference_id":"USN-924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-5901"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ud2-gzrr-8bb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74954?format=json","vulnerability_id":"VCID-56jv-ftkh-e7bg","summary":"Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0947.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0947.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0947","reference_id":"","reference_type":"","scores":[{"value":"0.45097","scoring_system":"epss","scoring_elements":"0.97659","published_at":"2026-06-04T12:55:00Z"},{"value":"0.45097","scoring_system":"epss","scoring_elements":"0.97663","published_at":"2026-06-05T12:55:00Z"},{"value":"0.45097","scoring_system":"epss","scoring_elements":"0.97665","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0947"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=433596","reference_id":"433596","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=433596"},{"reference_url":"https://security.gentoo.org/glsa/200803-31","reference_id":"GLSA-200803-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200803-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0164","reference_id":"RHSA-2008:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0164"},{"reference_url":"https://usn.ubuntu.com/587-1/","reference_id":"USN-587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2008-0947"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56jv-ftkh-e7bg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74925?format=json","vulnerability_id":"VCID-66wn-48ee-8qd8","summary":"Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\".","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1216.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1216.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1216","reference_id":"","reference_type":"","scores":[{"value":"0.25853","scoring_system":"epss","scoring_elements":"0.96364","published_at":"2026-06-04T12:55:00Z"},{"value":"0.25853","scoring_system":"epss","scoring_elements":"0.96369","published_at":"2026-06-05T12:55:00Z"},{"value":"0.25853","scoring_system":"epss","scoring_elements":"0.96372","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1216"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=231537","reference_id":"231537","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=231537"},{"reference_url":"https://security.gentoo.org/glsa/200704-02","reference_id":"GLSA-200704-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200704-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0095","reference_id":"RHSA-2007:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0095"},{"reference_url":"https://usn.ubuntu.com/449-1/","reference_id":"USN-449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-1216"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66wn-48ee-8qd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74933?format=json","vulnerability_id":"VCID-7azb-3ws6-mbh8","summary":"Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2798.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2798","reference_id":"","reference_type":"","scores":[{"value":"0.34892","scoring_system":"epss","scoring_elements":"0.97112","published_at":"2026-06-04T12:55:00Z"},{"value":"0.34892","scoring_system":"epss","scoring_elements":"0.97116","published_at":"2026-06-05T12:55:00Z"},{"value":"0.34892","scoring_system":"epss","scoring_elements":"0.97117","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=245549","reference_id":"245549","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=245549"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430785","reference_id":"430785","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430785"},{"reference_url":"https://security.gentoo.org/glsa/200707-11","reference_id":"GLSA-200707-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200707-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0384","reference_id":"RHSA-2007:0384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0562","reference_id":"RHSA-2007:0562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0562"},{"reference_url":"https://usn.ubuntu.com/477-1/","reference_id":"USN-477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-2798"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7azb-3ws6-mbh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74937?format=json","vulnerability_id":"VCID-7wvx-d25a-dkfc","summary":"The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the \"modify policy\" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4000.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4000.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4000","reference_id":"","reference_type":"","scores":[{"value":"0.24528","scoring_system":"epss","scoring_elements":"0.96222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.24528","scoring_system":"epss","scoring_elements":"0.96227","published_at":"2026-06-05T12:55:00Z"},{"value":"0.24528","scoring_system":"epss","scoring_elements":"0.96229","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=250976","reference_id":"250976","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=250976"},{"reference_url":"https://security.gentoo.org/glsa/200709-01","reference_id":"GLSA-200709-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200709-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0858","reference_id":"RHSA-2007:0858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0858"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-4000"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wvx-d25a-dkfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74935?format=json","vulnerability_id":"VCID-7yu5-qag8-23cf","summary":"Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3999.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3999.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3999","reference_id":"","reference_type":"","scores":[{"value":"0.47845","scoring_system":"epss","scoring_elements":"0.97773","published_at":"2026-06-05T12:55:00Z"},{"value":"0.47845","scoring_system":"epss","scoring_elements":"0.97775","published_at":"2026-06-06T12:55:00Z"},{"value":"0.48434","scoring_system":"epss","scoring_elements":"0.97802","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3999"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=250973","reference_id":"250973","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=250973"},{"reference_url":"https://security.gentoo.org/glsa/200709-01","reference_id":"GLSA-200709-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200709-01"},{"reference_url":"https://security.gentoo.org/glsa/200710-01","reference_id":"GLSA-200710-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200710-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0858","reference_id":"RHSA-2007:0858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0913","reference_id":"RHSA-2007:0913","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0951","reference_id":"RHSA-2007:0951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0951"},{"reference_url":"https://usn.ubuntu.com/511-1/","reference_id":"USN-511-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/511-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-3999"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7yu5-qag8-23cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74928?format=json","vulnerability_id":"VCID-ce17-bbd4-tyc1","summary":"The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2442.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2442.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2442","reference_id":"","reference_type":"","scores":[{"value":"0.42571","scoring_system":"epss","scoring_elements":"0.97537","published_at":"2026-06-04T12:55:00Z"},{"value":"0.42571","scoring_system":"epss","scoring_elements":"0.97542","published_at":"2026-06-05T12:55:00Z"},{"value":"0.42571","scoring_system":"epss","scoring_elements":"0.97544","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=245547","reference_id":"245547","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=245547"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430787","reference_id":"430787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430787"},{"reference_url":"https://security.gentoo.org/glsa/200707-11","reference_id":"GLSA-200707-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200707-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0384","reference_id":"RHSA-2007:0384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0562","reference_id":"RHSA-2007:0562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0562"},{"reference_url":"https://usn.ubuntu.com/477-1/","reference_id":"USN-477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-2442"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ce17-bbd4-tyc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74921?format=json","vulnerability_id":"VCID-jbkg-zyb4-ybdc","summary":"The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0956.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0956","reference_id":"","reference_type":"","scores":[{"value":"0.25754","scoring_system":"epss","scoring_elements":"0.96353","published_at":"2026-06-04T12:55:00Z"},{"value":"0.25754","scoring_system":"epss","scoring_elements":"0.96358","published_at":"2026-06-05T12:55:00Z"},{"value":"0.25754","scoring_system":"epss","scoring_elements":"0.96362","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=229782","reference_id":"229782","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=229782"},{"reference_url":"https://security.gentoo.org/glsa/200704-02","reference_id":"GLSA-200704-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200704-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0095","reference_id":"RHSA-2007:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0095"},{"reference_url":"https://usn.ubuntu.com/449-1/","reference_id":"USN-449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-0956"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbkg-zyb4-ybdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74953?format=json","vulnerability_id":"VCID-m9pf-r95d-4qbx","summary":"The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0063.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0063.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0063","reference_id":"","reference_type":"","scores":[{"value":"0.04904","scoring_system":"epss","scoring_elements":"0.89779","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04904","scoring_system":"epss","scoring_elements":"0.89795","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04904","scoring_system":"epss","scoring_elements":"0.89797","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0063"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=432621","reference_id":"432621","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=432621"},{"reference_url":"https://security.gentoo.org/glsa/200803-31","reference_id":"GLSA-200803-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200803-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0164","reference_id":"RHSA-2008:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0180","reference_id":"RHSA-2008:0180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0181","reference_id":"RHSA-2008:0181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0181"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0182","reference_id":"RHSA-2008:0182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0182"},{"reference_url":"https://usn.ubuntu.com/587-1/","reference_id":"USN-587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2008-0063"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9pf-r95d-4qbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74941?format=json","vulnerability_id":"VCID-phbg-1ygq-9qb6","summary":"The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors.  NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used.  NOTE: the vendor disputes this issue, stating \" The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5894.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5894.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5894","reference_id":"","reference_type":"","scores":[{"value":"0.02774","scoring_system":"epss","scoring_elements":"0.86319","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02774","scoring_system":"epss","scoring_elements":"0.86341","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02774","scoring_system":"epss","scoring_elements":"0.86343","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=415311","reference_id":"415311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=415311"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974","reference_id":"454974","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-5894"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phbg-1ygq-9qb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74952?format=json","vulnerability_id":"VCID-zca5-fvv5-6yeq","summary":"KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0062.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0062","reference_id":"","reference_type":"","scores":[{"value":"0.16257","scoring_system":"epss","scoring_elements":"0.94946","published_at":"2026-06-04T12:55:00Z"},{"value":"0.16257","scoring_system":"epss","scoring_elements":"0.94954","published_at":"2026-06-05T12:55:00Z"},{"value":"0.16257","scoring_system":"epss","scoring_elements":"0.94955","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=432620","reference_id":"432620","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=432620"},{"reference_url":"https://security.gentoo.org/glsa/200803-31","reference_id":"GLSA-200803-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200803-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0164","reference_id":"RHSA-2008:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0180","reference_id":"RHSA-2008:0180","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0181","reference_id":"RHSA-2008:0181","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0181"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0182","reference_id":"RHSA-2008:0182","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0182"},{"reference_url":"https://usn.ubuntu.com/587-1/","reference_id":"USN-587-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/587-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2008-0062"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zca5-fvv5-6yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74939?format=json","vulnerability_id":"VCID-zqek-558r-wqf8","summary":"The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4743.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4743.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4743","reference_id":"","reference_type":"","scores":[{"value":"0.20249","scoring_system":"epss","scoring_elements":"0.95627","published_at":"2026-06-04T12:55:00Z"},{"value":"0.20249","scoring_system":"epss","scoring_elements":"0.95633","published_at":"2026-06-05T12:55:00Z"},{"value":"0.20249","scoring_system":"epss","scoring_elements":"0.95637","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4743"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=281561","reference_id":"281561","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=281561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441209","reference_id":"441209","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0892","reference_id":"RHSA-2007:0892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0892"},{"reference_url":"https://usn.ubuntu.com/511-2/","reference_id":"USN-511-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/511-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-4743"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqek-558r-wqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74924?format=json","vulnerability_id":"VCID-zzy2-uume-kyd8","summary":"Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0957.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0957","reference_id":"","reference_type":"","scores":[{"value":"0.26118","scoring_system":"epss","scoring_elements":"0.96389","published_at":"2026-06-04T12:55:00Z"},{"value":"0.26118","scoring_system":"epss","scoring_elements":"0.96394","published_at":"2026-06-05T12:55:00Z"},{"value":"0.26118","scoring_system":"epss","scoring_elements":"0.96398","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0957"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=231528","reference_id":"231528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=231528"},{"reference_url":"https://security.gentoo.org/glsa/200704-02","reference_id":"GLSA-200704-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200704-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0095","reference_id":"RHSA-2007:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0095"},{"reference_url":"https://usn.ubuntu.com/449-1/","reference_id":"USN-449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6246?format=json","purl":"pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11jm-yxbs-1kfj"},{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-1sps-s2a3-wbad"},{"vulnerability":"VCID-1u82-w13p-cfbk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3jcm-y59r-47a5"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-53pj-pwxv-qqhv"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-5jja-ssqm-skhu"},{"vulnerability":"VCID-5thq-ff3f-h7f6"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7ey4-ge6f-9uct"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-8fxt-3wg4-dkbb"},{"vulnerability":"VCID-9axv-m7xk-quax"},{"vulnerability":"VCID-a4cc-w95t-8fh6"},{"vulnerability":"VCID-at3s-18x4-n7e2"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-bg27-2hv6-m7cx"},{"vulnerability":"VCID-bkdg-dybz-t3fy"},{"vulnerability":"VCID-bkqm-d2bp-f7fe"},{"vulnerability":"VCID-c2t4-3vdu-wqf1"},{"vulnerability":"VCID-c3qw-eazy-nyer"},{"vulnerability":"VCID-c5ev-cgh8-3kda"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-d2qf-r6jd-r3c7"},{"vulnerability":"VCID-d42v-zwu4-a3ge"},{"vulnerability":"VCID-d53g-faqf-gfdp"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-ezm2-e8zw-g7dg"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-f72c-txrr-ukga"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-g9nw-c9d1-a3er"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-hre7-pp7p-13fs"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jbf6-vrjc-syg1"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-ksar-xuza-8kg7"},{"vulnerability":"VCID-kszc-uv1w-syb1"},{"vulnerability":"VCID-ktuq-s8bz-1qam"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-ny7t-pkm8-2fb4"},{"vulnerability":"VCID-pbeh-n41k-s7au"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-sewn-mfcw-gygm"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-vxvk-vwan-ukak"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-yy22-6ztx-67d4"},{"vulnerability":"VCID-zv6f-cpbv-a7b7"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}],"aliases":["CVE-2007-0957"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zzy2-uume-kyd8"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7"}