{"url":"http://public2.vulnerablecode.io/api/packages/6248?format=json","purl":"pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze11","type":"deb","namespace":"debian","name":"krb5","version":"1.8.3+dfsg-4squeeze11","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.20.1-2+deb12u4","latest_non_vulnerable_version":"1.20.1-2+deb12u4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74980?format=json","vulnerability_id":"VCID-11jm-yxbs-1kfj","summary":"The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1527.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1527.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1527","reference_id":"","reference_type":"","scores":[{"value":"0.02618","scoring_system":"epss","scoring_elements":"0.85938","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02618","scoring_system":"epss","scoring_elements":"0.8596","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02618","scoring_system":"epss","scoring_elements":"0.85964","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1527"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1527"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367","reference_id":"646367","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711","reference_id":"737711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1379","reference_id":"RHSA-2011:1379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1379"},{"reference_url":"https://usn.ubuntu.com/1233-1/","reference_id":"USN-1233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-1527"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11jm-yxbs-1kfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75006?format=json","vulnerability_id":"VCID-1nn6-mr7d-wyhk","summary":"The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9422.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9422","reference_id":"","reference_type":"","scores":[{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74304","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74337","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00794","scoring_system":"epss","scoring_elements":"0.74342","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179861","reference_id":"1179861","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0794","reference_id":"RHSA-2015:0794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0794"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-9422"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nn6-mr7d-wyhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74997?format=json","vulnerability_id":"VCID-2674-wgen-1qbk","summary":"Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4343.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4343.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4343","reference_id":"","reference_type":"","scores":[{"value":"0.07384","scoring_system":"epss","scoring_elements":"0.91864","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07384","scoring_system":"epss","scoring_elements":"0.91876","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07384","scoring_system":"epss","scoring_elements":"0.91877","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1121876","reference_id":"1121876","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1121876"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755520","reference_id":"755520","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755520"},{"reference_url":"https://security.gentoo.org/glsa/201412-53","reference_id":"GLSA-201412-53","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-4343"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2674-wgen-1qbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75015?format=json","vulnerability_id":"VCID-2tn3-dfqx-5yc9","summary":"Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8631.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8631.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8631","reference_id":"","reference_type":"","scores":[{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.85985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.86006","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02635","scoring_system":"epss","scoring_elements":"0.86009","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302642","reference_id":"1302642","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302642"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126","reference_id":"813126","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0493","reference_id":"RHSA-2016:0493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0532","reference_id":"RHSA-2016:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6251?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-8631"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2tn3-dfqx-5yc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61752?format=json","vulnerability_id":"VCID-3d22-kr2u-tuck","summary":"krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40355.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40355.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40355","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28666","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28707","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317","reference_id":"1135317","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463370","reference_id":"2463370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463370"},{"reference_url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f","reference_id":"2e75f0d9362fb979f5fc92829431a590a130929f","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/"}],"url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"},{"reference_url":"https://web.mit.edu/kerberos/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/"}],"url":"https://web.mit.edu/kerberos/advisories/"},{"reference_url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html","reference_id":"krb5-two-unauthenticated-network-vulnerabilities.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/"}],"url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12220","reference_id":"RHSA-2026:12220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16799","reference_id":"RHSA-2026:16799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19145","reference_id":"RHSA-2026:19145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19357","reference_id":"RHSA-2026:19357","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19357"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22634","reference_id":"RHSA-2026:22634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22634"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/773967?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4"}],"aliases":["CVE-2026-40355"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3d22-kr2u-tuck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75003?format=json","vulnerability_id":"VCID-3df1-58jr-e7gv","summary":"plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5354.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5354","reference_id":"","reference_type":"","scores":[{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67978","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.68017","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.68025","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5354"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174546","reference_id":"1174546","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174546"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773228","reference_id":"773228","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773228"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-5354"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3df1-58jr-e7gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74983?format=json","vulnerability_id":"VCID-3jcm-y59r-47a5","summary":"The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1530.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1530","reference_id":"","reference_type":"","scores":[{"value":"0.00934","scoring_system":"epss","scoring_elements":"0.76529","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00934","scoring_system":"epss","scoring_elements":"0.76559","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00934","scoring_system":"epss","scoring_elements":"0.76564","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=753748","reference_id":"753748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=753748"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1790","reference_id":"RHSA-2011:1790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1790"},{"reference_url":"https://usn.ubuntu.com/1290-1/","reference_id":"USN-1290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-1530"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3jcm-y59r-47a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75022?format=json","vulnerability_id":"VCID-3tas-mucv-aufk","summary":"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5710.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5710","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60026","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60073","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60076","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5710"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1535575","reference_id":"1535575","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1535575"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889685","reference_id":"889685","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2018-5710"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3tas-mucv-aufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75002?format=json","vulnerability_id":"VCID-42rr-7ajf-eqg7","summary":"The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5353.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5353.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5353","reference_id":"","reference_type":"","scores":[{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68272","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68313","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68321","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174543","reference_id":"1174543","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174543"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226","reference_id":"773226","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0794","reference_id":"RHSA-2015:0794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0794"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-5353"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42rr-7ajf-eqg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75020?format=json","vulnerability_id":"VCID-4mm3-t6eu-4qde","summary":"A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20217.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20217","reference_id":"","reference_type":"","scores":[{"value":"0.02665","scoring_system":"epss","scoring_elements":"0.86077","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02665","scoring_system":"epss","scoring_elements":"0.86098","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02665","scoring_system":"epss","scoring_elements":"0.86102","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665296","reference_id":"1665296","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665296"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917387","reference_id":"917387","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917387"},{"reference_url":"https://usn.ubuntu.com/5828-1/","reference_id":"USN-5828-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5828-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2018-20217"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mm3-t6eu-4qde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75005?format=json","vulnerability_id":"VCID-596a-s3un-vbbc","summary":"The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9421.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9421.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9421","reference_id":"","reference_type":"","scores":[{"value":"0.05356","scoring_system":"epss","scoring_elements":"0.90245","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05356","scoring_system":"epss","scoring_elements":"0.90261","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05356","scoring_system":"epss","scoring_elements":"0.90259","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179857","reference_id":"1179857","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0794","reference_id":"RHSA-2015:0794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0794"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-9421"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-596a-s3un-vbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75004?format=json","vulnerability_id":"VCID-6jnk-3rfw-nkh8","summary":"MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5355.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5355.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5355","reference_id":"","reference_type":"","scores":[{"value":"0.08201","scoring_system":"epss","scoring_elements":"0.92352","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08201","scoring_system":"epss","scoring_elements":"0.92366","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08201","scoring_system":"epss","scoring_elements":"0.92362","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1193939","reference_id":"1193939","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1193939"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778647","reference_id":"778647","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0794","reference_id":"RHSA-2015:0794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2154","reference_id":"RHSA-2015:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2154"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-5355"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jnk-3rfw-nkh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74874?format=json","vulnerability_id":"VCID-7wnb-bhuv-tycp","summary":"schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-2443.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-2443.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-2443","reference_id":"","reference_type":"","scores":[{"value":"0.15013","scoring_system":"epss","scoring_elements":"0.94695","published_at":"2026-06-04T12:55:00Z"},{"value":"0.15013","scoring_system":"epss","scoring_elements":"0.94704","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-2443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267","reference_id":"708267","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=962531","reference_id":"962531","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=962531"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0942","reference_id":"RHSA-2013:0942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0942"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2002-2443"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7wnb-bhuv-tycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74982?format=json","vulnerability_id":"VCID-8fxt-3wg4-dkbb","summary":"The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1529.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1529","reference_id":"","reference_type":"","scores":[{"value":"0.02376","scoring_system":"epss","scoring_elements":"0.85263","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02376","scoring_system":"epss","scoring_elements":"0.85287","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02376","scoring_system":"epss","scoring_elements":"0.85292","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1529"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367","reference_id":"646367","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711","reference_id":"737711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1379","reference_id":"RHSA-2011:1379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1379"},{"reference_url":"https://usn.ubuntu.com/1233-1/","reference_id":"USN-1233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-1529"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fxt-3wg4-dkbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74985?format=json","vulnerability_id":"VCID-at3s-18x4-n7e2","summary":"server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1012.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1012.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1012","reference_id":"","reference_type":"","scores":[{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47041","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47106","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.47109","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1012"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670918","reference_id":"670918","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670918"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=796438","reference_id":"796438","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=796438"},{"reference_url":"https://usn.ubuntu.com/1520-1/","reference_id":"USN-1520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2012-1012"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-at3s-18x4-n7e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75008?format=json","vulnerability_id":"VCID-b6a9-hnjx-c3gk","summary":"The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2694","reference_id":"","reference_type":"","scores":[{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75903","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75929","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216133","reference_id":"1216133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216133"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557","reference_id":"783557","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2154","reference_id":"RHSA-2015:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2154"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-2694"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6a9-hnjx-c3gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74993?format=json","vulnerability_id":"VCID-bdmc-p544-bfg9","summary":"do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1417.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1417.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1417","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68062","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68101","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68109","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1030743","reference_id":"1030743","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1030743"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730085","reference_id":"730085","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730085"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2013-1417"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdmc-p544-bfg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74984?format=json","vulnerability_id":"VCID-bg27-2hv6-m7cx","summary":"The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4151.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4151.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4151","reference_id":"","reference_type":"","scores":[{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79308","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79313","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367","reference_id":"646367","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711","reference_id":"737711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-4151"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bg27-2hv6-m7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74974?format=json","vulnerability_id":"VCID-bkdg-dybz-t3fy","summary":"The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process \"exits abnormally,\" which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4022.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4022","reference_id":"","reference_type":"","scores":[{"value":"0.08988","scoring_system":"epss","scoring_elements":"0.92761","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08988","scoring_system":"epss","scoring_elements":"0.92774","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08988","scoring_system":"epss","scoring_elements":"0.92769","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=664009","reference_id":"664009","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=664009"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0200","reference_id":"RHSA-2011:0200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0200"},{"reference_url":"https://usn.ubuntu.com/1062-1/","reference_id":"USN-1062-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1062-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2010-4022"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bkdg-dybz-t3fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74991?format=json","vulnerability_id":"VCID-bkqm-d2bp-f7fe","summary":"The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1416.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1416.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1416","reference_id":"","reference_type":"","scores":[{"value":"0.02274","scoring_system":"epss","scoring_elements":"0.84961","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02274","scoring_system":"epss","scoring_elements":"0.84985","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02274","scoring_system":"epss","scoring_elements":"0.84989","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704775","reference_id":"704775","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=949984","reference_id":"949984","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=949984"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0748","reference_id":"RHSA-2013:0748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0748"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2013-1416"],"risk_score":1.0,"exploitability":"0.5","weighted_severity":"2.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bkqm-d2bp-f7fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75023?format=json","vulnerability_id":"VCID-c5he-57zg-fybc","summary":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5729.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5729.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5729","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22938","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2302","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.23006","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1551083","reference_id":"1551083","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1551083"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869","reference_id":"891869","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869"},{"reference_url":"https://security.archlinux.org/ASA-201806-3","reference_id":"ASA-201806-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-3"},{"reference_url":"https://security.archlinux.org/AVG-586","reference_id":"AVG-586","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3071","reference_id":"RHSA-2018:3071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3071"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2018-5729"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5he-57zg-fybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74978?format=json","vulnerability_id":"VCID-d42v-zwu4-a3ge","summary":"Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0284.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0284.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0284","reference_id":"","reference_type":"","scores":[{"value":"0.2264","scoring_system":"epss","scoring_elements":"0.9596","published_at":"2026-06-04T12:55:00Z"},{"value":"0.2264","scoring_system":"epss","scoring_elements":"0.95964","published_at":"2026-06-05T12:55:00Z"},{"value":"0.2264","scoring_system":"epss","scoring_elements":"0.95968","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618517","reference_id":"618517","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618517"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=674325","reference_id":"674325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=674325"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0356","reference_id":"RHSA-2011:0356","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0356"},{"reference_url":"https://usn.ubuntu.com/1088-1/","reference_id":"USN-1088-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1088-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-0284"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d42v-zwu4-a3ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74988?format=json","vulnerability_id":"VCID-d53g-faqf-gfdp","summary":"The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1015.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1015.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1015","reference_id":"","reference_type":"","scores":[{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79537","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79563","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01234","scoring_system":"epss","scoring_elements":"0.79569","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429","reference_id":"683429","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=838012","reference_id":"838012","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=838012"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1131","reference_id":"RHSA-2012:1131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1131"},{"reference_url":"https://usn.ubuntu.com/1520-1/","reference_id":"USN-1520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2012-1015"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d53g-faqf-gfdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75007?format=json","vulnerability_id":"VCID-dbaq-qjd2-d7c9","summary":"The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9423.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9423.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9423","reference_id":"","reference_type":"","scores":[{"value":"0.01537","scoring_system":"epss","scoring_elements":"0.81674","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01537","scoring_system":"epss","scoring_elements":"0.81705","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179863","reference_id":"1179863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-9423"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dbaq-qjd2-d7c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75018?format=json","vulnerability_id":"VCID-e1xu-a882-s3ga","summary":"The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3120.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3120","reference_id":"","reference_type":"","scores":[{"value":"0.0432","scoring_system":"epss","scoring_elements":"0.89087","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0432","scoring_system":"epss","scoring_elements":"0.89104","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0432","scoring_system":"epss","scoring_elements":"0.89105","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1361050","reference_id":"1361050","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1361050"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832572","reference_id":"832572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2591","reference_id":"RHSA-2016:2591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2591"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2016-3120"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1xu-a882-s3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75027?format=json","vulnerability_id":"VCID-ekzs-tuvp-ybfq","summary":"ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36222.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36222.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36222","reference_id":"","reference_type":"","scores":[{"value":"0.06615","scoring_system":"epss","scoring_elements":"0.91351","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06615","scoring_system":"epss","scoring_elements":"0.91364","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06615","scoring_system":"epss","scoring_elements":"0.91366","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1983720","reference_id":"1983720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1983720"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991365","reference_id":"991365","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991365"},{"reference_url":"https://security.archlinux.org/AVG-2173","reference_id":"AVG-2173","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2173"},{"reference_url":"https://security.gentoo.org/glsa/202405-11","reference_id":"GLSA-202405-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3576","reference_id":"RHSA-2021:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3576"},{"reference_url":"https://usn.ubuntu.com/5959-1/","reference_id":"USN-5959-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5959-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2021-36222"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekzs-tuvp-ybfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74994?format=json","vulnerability_id":"VCID-esm3-3qwz-cud2","summary":"The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1418.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1418","reference_id":"","reference_type":"","scores":[{"value":"0.07674","scoring_system":"epss","scoring_elements":"0.92046","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07674","scoring_system":"epss","scoring_elements":"0.92058","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07674","scoring_system":"epss","scoring_elements":"0.92056","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1026942","reference_id":"1026942","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1026942"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728845","reference_id":"728845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728845"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1245","reference_id":"RHSA-2014:1245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2013-1418"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esm3-3qwz-cud2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74989?format=json","vulnerability_id":"VCID-ezm2-e8zw-g7dg","summary":"The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1016.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1016","reference_id":"","reference_type":"","scores":[{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71018","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.7106","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.71067","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702633","reference_id":"702633","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702633"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=917840","reference_id":"917840","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=917840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0656","reference_id":"RHSA-2013:0656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0656"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2012-1016"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezm2-e8zw-g7dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74995?format=json","vulnerability_id":"VCID-f343-u3jt-pkfy","summary":"MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4341.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4341.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4341","reference_id":"","reference_type":"","scores":[{"value":"0.14451","scoring_system":"epss","scoring_elements":"0.94559","published_at":"2026-06-04T12:55:00Z"},{"value":"0.14451","scoring_system":"epss","scoring_elements":"0.94567","published_at":"2026-06-05T12:55:00Z"},{"value":"0.14451","scoring_system":"epss","scoring_elements":"0.94569","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1116180","reference_id":"1116180","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1116180"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753624","reference_id":"753624","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753624"},{"reference_url":"https://security.gentoo.org/glsa/201412-53","reference_id":"GLSA-201412-53","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1245","reference_id":"RHSA-2014:1245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-4341"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f343-u3jt-pkfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75011?format=json","vulnerability_id":"VCID-fcy5-mv1a-n7dh","summary":"The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2697.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2697","reference_id":"","reference_type":"","scores":[{"value":"0.05447","scoring_system":"epss","scoring_elements":"0.90342","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05447","scoring_system":"epss","scoring_elements":"0.90357","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05447","scoring_system":"epss","scoring_elements":"0.90356","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275863","reference_id":"1275863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275863"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803088","reference_id":"803088","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803088"},{"reference_url":"https://security.gentoo.org/glsa/201611-14","reference_id":"GLSA-201611-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201611-14"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6251?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-2697"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fcy5-mv1a-n7dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75014?format=json","vulnerability_id":"VCID-fvfb-k9ar-93eu","summary":"The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8630.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8630.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8630","reference_id":"","reference_type":"","scores":[{"value":"0.03623","scoring_system":"epss","scoring_elements":"0.88014","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03623","scoring_system":"epss","scoring_elements":"0.88034","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03623","scoring_system":"epss","scoring_elements":"0.88038","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302632","reference_id":"1302632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302632"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127","reference_id":"813127","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0532","reference_id":"RHSA-2016:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-8630"],"risk_score":0.6,"exploitability":"0.5","weighted_severity":"1.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fvfb-k9ar-93eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75016?format=json","vulnerability_id":"VCID-h23e-nhyz-8uda","summary":"The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3119.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3119.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3119","reference_id":"","reference_type":"","scores":[{"value":"0.10203","scoring_system":"epss","scoring_elements":"0.93271","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10203","scoring_system":"epss","scoring_elements":"0.93283","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319616","reference_id":"1319616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319616"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819468","reference_id":"819468","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2591","reference_id":"RHSA-2016:2591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2591"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2016-3119"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h23e-nhyz-8uda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74990?format=json","vulnerability_id":"VCID-hre7-pp7p-13fs","summary":"The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1415.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1415.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1415","reference_id":"","reference_type":"","scores":[{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81961","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81994","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81995","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=914749","reference_id":"914749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=914749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0656","reference_id":"RHSA-2013:0656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0656"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2013-1415"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hre7-pp7p-13fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6879?format=json","vulnerability_id":"VCID-husp-fm64-nfa9","summary":"denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37750","reference_id":"","reference_type":"","scores":[{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72752","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72791","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72799","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1996834","reference_id":"1996834","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1996834"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992607","reference_id":"992607","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992607"},{"reference_url":"https://security.archlinux.org/AVG-2312","reference_id":"AVG-2312","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2312"},{"reference_url":"https://security.gentoo.org/glsa/202405-11","reference_id":"GLSA-202405-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3576","reference_id":"RHSA-2021:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4788","reference_id":"RHSA-2021:4788","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4788"},{"reference_url":"https://usn.ubuntu.com/5959-1/","reference_id":"USN-5959-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5959-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2021-37750"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-husp-fm64-nfa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74998?format=json","vulnerability_id":"VCID-j145-f5mp-xkeq","summary":"The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4344.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4344.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4344","reference_id":"","reference_type":"","scores":[{"value":"0.0527","scoring_system":"epss","scoring_elements":"0.90169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0527","scoring_system":"epss","scoring_elements":"0.90185","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0527","scoring_system":"epss","scoring_elements":"0.90183","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1121877","reference_id":"1121877","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1121877"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521","reference_id":"755521","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1245","reference_id":"RHSA-2014:1245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-4344"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j145-f5mp-xkeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75024?format=json","vulnerability_id":"VCID-j6qa-q1h1-3uaq","summary":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5730.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5730.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5730","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69208","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69217","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1551082","reference_id":"1551082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1551082"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869","reference_id":"891869","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869"},{"reference_url":"https://security.archlinux.org/ASA-201806-3","reference_id":"ASA-201806-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201806-3"},{"reference_url":"https://security.archlinux.org/AVG-586","reference_id":"AVG-586","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3071","reference_id":"RHSA-2018:3071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3071"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2018-5730"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6qa-q1h1-3uaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74987?format=json","vulnerability_id":"VCID-jbf6-vrjc-syg1","summary":"The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1014.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1014.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1014","reference_id":"","reference_type":"","scores":[{"value":"0.04152","scoring_system":"epss","scoring_elements":"0.88861","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04152","scoring_system":"epss","scoring_elements":"0.88878","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1014"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429","reference_id":"683429","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=838014","reference_id":"838014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=838014"},{"reference_url":"https://security.gentoo.org/glsa/201312-12","reference_id":"GLSA-201312-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-12"},{"reference_url":"https://usn.ubuntu.com/1520-1/","reference_id":"USN-1520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2012-1014"],"risk_score":1.0,"exploitability":"0.5","weighted_severity":"2.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbf6-vrjc-syg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6806?format=json","vulnerability_id":"VCID-jfhc-x8j6-yuab","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37370.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37370","reference_id":"","reference_type":"","scores":[{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.68171","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.68162","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294677","reference_id":"2294677","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294677"},{"reference_url":"https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef","reference_id":"55fbf435edbe2e92dd8101669b1ce7144bc96fef","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T15:25:49Z/"}],"url":"https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef"},{"reference_url":"https://web.mit.edu/kerberos/www/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T15:25:49Z/"}],"url":"https://web.mit.edu/kerberos/www/advisories/"},{"reference_url":"https://security.archlinux.org/AVG-2856","reference_id":"AVG-2856","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10135","reference_id":"RHSA-2024:10135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11109","reference_id":"RHSA-2024:11109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4734","reference_id":"RHSA-2024:4734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4743","reference_id":"RHSA-2024:4743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5076","reference_id":"RHSA-2024:5076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5312","reference_id":"RHSA-2024:5312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5316","reference_id":"RHSA-2024:5316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5625","reference_id":"RHSA-2024:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5630","reference_id":"RHSA-2024:5630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5643","reference_id":"RHSA-2024:5643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5884","reference_id":"RHSA-2024:5884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6166","reference_id":"RHSA-2024:6166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7213","reference_id":"RHSA-2024:7213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7374","reference_id":"RHSA-2024:7374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7374"},{"reference_url":"https://usn.ubuntu.com/6947-1/","reference_id":"USN-6947-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6947-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2024-37370"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jfhc-x8j6-yuab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74975?format=json","vulnerability_id":"VCID-ksar-xuza-8kg7","summary":"The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0281.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0281.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0281","reference_id":"","reference_type":"","scores":[{"value":"0.10754","scoring_system":"epss","scoring_elements":"0.93472","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10754","scoring_system":"epss","scoring_elements":"0.93483","published_at":"2026-06-05T12:55:00Z"},{"value":"0.10754","scoring_system":"epss","scoring_elements":"0.93484","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=668719","reference_id":"668719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=668719"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0199","reference_id":"RHSA-2011:0199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0200","reference_id":"RHSA-2011:0200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0200"},{"reference_url":"https://usn.ubuntu.com/1062-1/","reference_id":"USN-1062-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1062-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-0281"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksar-xuza-8kg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74979?format=json","vulnerability_id":"VCID-ktuq-s8bz-1qam","summary":"The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0285.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0285","reference_id":"","reference_type":"","scores":[{"value":"0.54024","scoring_system":"epss","scoring_elements":"0.98055","published_at":"2026-06-04T12:55:00Z"},{"value":"0.54024","scoring_system":"epss","scoring_elements":"0.98057","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0285"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622681","reference_id":"622681","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622681"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=696334","reference_id":"696334","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=696334"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35606.txt","reference_id":"CVE-2011-0285;OSVDB-71789","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35606.txt"},{"reference_url":"https://www.securityfocus.com/bid/47310/info","reference_id":"CVE-2011-0285;OSVDB-71789","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/47310/info"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0447","reference_id":"RHSA-2011:0447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0447"},{"reference_url":"https://usn.ubuntu.com/1116-1/","reference_id":"USN-1116-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1116-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-0285"],"risk_score":1.0,"exploitability":"2.0","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktuq-s8bz-1qam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75026?format=json","vulnerability_id":"VCID-kwy5-x7m9-4qgt","summary":"MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28196.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28196","reference_id":"","reference_type":"","scores":[{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.76818","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.76779","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00955","scoring_system":"epss","scoring_elements":"0.76812","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901041","reference_id":"1901041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901041"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/","reference_id":"45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/"},{"reference_url":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd","reference_id":"57415dda6cf04e73ffc3723be518eddfae599bfd","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/","reference_id":"73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973880","reference_id":"973880","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973880"},{"reference_url":"https://www.debian.org/security/2020/dsa-4795","reference_id":"dsa-4795","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://www.debian.org/security/2020/dsa-4795"},{"reference_url":"https://security.gentoo.org/glsa/202011-17","reference_id":"GLSA-202011-17","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://security.gentoo.org/glsa/202011-17"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/","reference_id":"KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html","reference_id":"msg00011.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20201202-0001/","reference_id":"ntap-20201202-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://security.netapp.com/advisory/ntap-20201202-0001/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210513-0002/","reference_id":"ntap-20210513-0002","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210513-0002/"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/"}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1593","reference_id":"RHSA-2021:1593","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2239","reference_id":"RHSA-2021:2239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2239"},{"reference_url":"https://usn.ubuntu.com/4635-1/","reference_id":"USN-4635-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4635-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2020-28196"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwy5-x7m9-4qgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75012?format=json","vulnerability_id":"VCID-mbrk-dkua-uyeq","summary":"The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2698.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2698.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2698","reference_id":"","reference_type":"","scores":[{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75505","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75534","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75537","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2698"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1278951","reference_id":"1278951","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1278951"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-2698"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbrk-dkua-uyeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74986?format=json","vulnerability_id":"VCID-ny7t-pkm8-2fb4","summary":"The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1013.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1013","reference_id":"","reference_type":"","scores":[{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77794","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77821","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77828","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687647","reference_id":"687647","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687647"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=827517","reference_id":"827517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=827517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1131","reference_id":"RHSA-2012:1131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1131"},{"reference_url":"https://usn.ubuntu.com/1520-1/","reference_id":"USN-1520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2012-1013"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ny7t-pkm8-2fb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75010?format=json","vulnerability_id":"VCID-pj93-uzpy-3bg1","summary":"lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2696.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2696","reference_id":"","reference_type":"","scores":[{"value":"0.10768","scoring_system":"epss","scoring_elements":"0.93477","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10768","scoring_system":"epss","scoring_elements":"0.93488","published_at":"2026-06-05T12:55:00Z"},{"value":"0.10768","scoring_system":"epss","scoring_elements":"0.93489","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275869","reference_id":"1275869","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275869"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803084","reference_id":"803084","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803084"},{"reference_url":"https://security.gentoo.org/glsa/201611-14","reference_id":"GLSA-201611-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201611-14"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6251?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-2696"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pj93-uzpy-3bg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75034?format=json","vulnerability_id":"VCID-pq2d-33kw-ayb7","summary":"A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3576.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3576","reference_id":"","reference_type":"","scores":[{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48824","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48832","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103525","reference_id":"1103525","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103525"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359465","reference_id":"2359465","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359465"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3576","reference_id":"CVE-2025-3576","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-3576"},{"reference_url":"https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html","reference_id":"krb5-1.22.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11487","reference_id":"RHSA-2025:11487","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13664","reference_id":"RHSA-2025:13664","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13777","reference_id":"RHSA-2025:13777","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15000","reference_id":"RHSA-2025:15000","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15001","reference_id":"RHSA-2025:15001","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15002","reference_id":"RHSA-2025:15002","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15003","reference_id":"RHSA-2025:15003","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15004","reference_id":"RHSA-2025:15004","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15004"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8411","reference_id":"RHSA-2025:8411","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9418","reference_id":"RHSA-2025:9418","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9430","reference_id":"RHSA-2025:9430","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:9430"},{"reference_url":"https://usn.ubuntu.com/7542-1/","reference_id":"USN-7542-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7542-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/773967?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4"}],"aliases":["CVE-2025-3576"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq2d-33kw-ayb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75009?format=json","vulnerability_id":"VCID-py4d-vrgu-5ueu","summary":"lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2695.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2695","reference_id":"","reference_type":"","scores":[{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89406","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89424","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04582","scoring_system":"epss","scoring_elements":"0.89423","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275871","reference_id":"1275871","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1275871"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803083","reference_id":"803083","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803083"},{"reference_url":"https://security.gentoo.org/glsa/201611-14","reference_id":"GLSA-201611-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201611-14"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6251?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-2695"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-py4d-vrgu-5ueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6466?format=json","vulnerability_id":"VCID-rgc3-hzw1-3bcp","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11462.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11462","reference_id":"","reference_type":"","scores":[{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77958","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77965","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01055","scoring_system":"epss","scoring_elements":"0.77931","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488873","reference_id":"1488873","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488873"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873563","reference_id":"873563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873563"},{"reference_url":"https://security.archlinux.org/ASA-201710-8","reference_id":"ASA-201710-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-8"},{"reference_url":"https://security.archlinux.org/ASA-201710-9","reference_id":"ASA-201710-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-9"},{"reference_url":"https://security.archlinux.org/AVG-414","reference_id":"AVG-414","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-414"},{"reference_url":"https://security.archlinux.org/AVG-415","reference_id":"AVG-415","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-415"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2017-11462"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgc3-hzw1-3bcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75033?format=json","vulnerability_id":"VCID-s1hu-g4ns-5ydy","summary":"In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24528.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24528.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24528","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42956","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42945","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24528"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730","reference_id":"1094730","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342796","reference_id":"2342796","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342796"},{"reference_url":"https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0","reference_id":"78ceba024b64d49612375be4a12d1c066b0bfbd0","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T17:39:31Z/"}],"url":"https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"},{"reference_url":"https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final","reference_id":"krb5-1.21.3-final...krb5-1.22-final","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T17:39:31Z/"}],"url":"https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1352","reference_id":"RHSA-2025:1352","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1352"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2722","reference_id":"RHSA-2025:2722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2789","reference_id":"RHSA-2025:2789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7067","reference_id":"RHSA-2025:7067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8385","reference_id":"RHSA-2025:8385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8385"},{"reference_url":"https://usn.ubuntu.com/7314-1/","reference_id":"USN-7314-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7314-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/773967?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4"}],"aliases":["CVE-2025-24528"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1hu-g4ns-5ydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74999?format=json","vulnerability_id":"VCID-t96y-1vd2-fqe3","summary":"Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4345.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4345.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4345","reference_id":"","reference_type":"","scores":[{"value":"0.11304","scoring_system":"epss","scoring_elements":"0.93669","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11304","scoring_system":"epss","scoring_elements":"0.93679","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128157","reference_id":"1128157","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1128157"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757416","reference_id":"757416","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757416"},{"reference_url":"https://security.gentoo.org/glsa/201412-53","reference_id":"GLSA-201412-53","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1255","reference_id":"RHSA-2014:1255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-4345"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t96y-1vd2-fqe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6805?format=json","vulnerability_id":"VCID-tg7a-etmk-6fea","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37371.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37371.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37371","reference_id":"","reference_type":"","scores":[{"value":"0.02606","scoring_system":"epss","scoring_elements":"0.85933","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02606","scoring_system":"epss","scoring_elements":"0.8593","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-37371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294676","reference_id":"2294676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2294676"},{"reference_url":"https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef","reference_id":"55fbf435edbe2e92dd8101669b1ce7144bc96fef","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:31:33Z/"}],"url":"https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef"},{"reference_url":"https://web.mit.edu/kerberos/www/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:31:33Z/"}],"url":"https://web.mit.edu/kerberos/www/advisories/"},{"reference_url":"https://security.archlinux.org/AVG-2856","reference_id":"AVG-2856","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10135","reference_id":"RHSA-2024:10135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:10135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11109","reference_id":"RHSA-2024:11109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:11109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4734","reference_id":"RHSA-2024:4734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4743","reference_id":"RHSA-2024:4743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4743"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5076","reference_id":"RHSA-2024:5076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5312","reference_id":"RHSA-2024:5312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5316","reference_id":"RHSA-2024:5316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5625","reference_id":"RHSA-2024:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5630","reference_id":"RHSA-2024:5630","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5643","reference_id":"RHSA-2024:5643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5884","reference_id":"RHSA-2024:5884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6166","reference_id":"RHSA-2024:6166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7213","reference_id":"RHSA-2024:7213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7374","reference_id":"RHSA-2024:7374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1671","reference_id":"RHSA-2025:1671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1673","reference_id":"RHSA-2025:1673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1673"},{"reference_url":"https://usn.ubuntu.com/6947-1/","reference_id":"USN-6947-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6947-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2024-37371"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7a-etmk-6fea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61749?format=json","vulnerability_id":"VCID-u4y9-vrsc-wbdy","summary":"krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40356.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40356.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40356","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28625","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28666","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317","reference_id":"1135317","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463368","reference_id":"2463368","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463368"},{"reference_url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f","reference_id":"2e75f0d9362fb979f5fc92829431a590a130929f","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/"}],"url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f"},{"reference_url":"https://web.mit.edu/kerberos/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/"}],"url":"https://web.mit.edu/kerberos/advisories/"},{"reference_url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html","reference_id":"krb5-two-unauthenticated-network-vulnerabilities.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/"}],"url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12220","reference_id":"RHSA-2026:12220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16799","reference_id":"RHSA-2026:16799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19145","reference_id":"RHSA-2026:19145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19357","reference_id":"RHSA-2026:19357","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19357"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21275","reference_id":"RHSA-2026:21275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22634","reference_id":"RHSA-2026:22634","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22634"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/773967?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4"}],"aliases":["CVE-2026-40356"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4y9-vrsc-wbdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75013?format=json","vulnerability_id":"VCID-ukkj-tn8u-yuab","summary":"The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8629.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8629","reference_id":"","reference_type":"","scores":[{"value":"0.02043","scoring_system":"epss","scoring_elements":"0.8416","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02043","scoring_system":"epss","scoring_elements":"0.84183","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02043","scoring_system":"epss","scoring_elements":"0.84186","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302617","reference_id":"1302617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302617"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296","reference_id":"813296","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0493","reference_id":"RHSA-2016:0493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0532","reference_id":"RHSA-2016:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6251?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2015-8629"],"risk_score":0.6,"exploitability":"0.5","weighted_severity":"1.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkj-tn8u-yuab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75000?format=json","vulnerability_id":"VCID-v4b9-7gb8-7kf7","summary":"The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5351.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5351","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57614","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57666","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57674","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145425","reference_id":"1145425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1145425"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762479","reference_id":"762479","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762479"},{"reference_url":"https://security.gentoo.org/glsa/201412-53","reference_id":"GLSA-201412-53","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-53"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-5351"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4b9-7gb8-7kf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75001?format=json","vulnerability_id":"VCID-vq2w-pgev-f7ha","summary":"The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5352.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5352.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5352","reference_id":"","reference_type":"","scores":[{"value":"0.05407","scoring_system":"epss","scoring_elements":"0.90302","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05407","scoring_system":"epss","scoring_elements":"0.90317","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05407","scoring_system":"epss","scoring_elements":"0.90316","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179856","reference_id":"1179856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0794","reference_id":"RHSA-2015:0794","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0794"},{"reference_url":"https://usn.ubuntu.com/2498-1/","reference_id":"USN-2498-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2498-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-5352"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vq2w-pgev-f7ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74899?format=json","vulnerability_id":"VCID-vuzh-e7pz-fqgt","summary":"The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0971.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0971.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0971","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28583","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28656","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28615","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617336","reference_id":"1617336","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617336"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278271","reference_id":"278271","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:012","reference_id":"RHSA-2005:012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:012"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6252?format=json","purl":"pkg:deb/debian/krb5@1.15-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1"}],"aliases":["CVE-2004-0971"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vuzh-e7pz-fqgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74976?format=json","vulnerability_id":"VCID-vxvk-vwan-ukak","summary":"The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0282.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0282","reference_id":"","reference_type":"","scores":[{"value":"0.09562","scoring_system":"epss","scoring_elements":"0.93013","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09562","scoring_system":"epss","scoring_elements":"0.93024","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09562","scoring_system":"epss","scoring_elements":"0.93021","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=668726","reference_id":"668726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=668726"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0199","reference_id":"RHSA-2011:0199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0200","reference_id":"RHSA-2011:0200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0200"},{"reference_url":"https://usn.ubuntu.com/1062-1/","reference_id":"USN-1062-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1062-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-0282"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxvk-vwan-ukak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3527?format=json","vulnerability_id":"VCID-wc2t-bbf1-mua5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42898.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42898.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42898","reference_id":"","reference_type":"","scores":[{"value":"0.10832","scoring_system":"epss","scoring_elements":"0.935","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10832","scoring_system":"epss","scoring_elements":"0.93511","published_at":"2026-06-06T12:55:00Z"},{"value":"0.10832","scoring_system":"epss","scoring_elements":"0.9351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187","reference_id":"1024187","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267","reference_id":"1024267","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140960","reference_id":"2140960","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140960"},{"reference_url":"https://web.mit.edu/kerberos/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://web.mit.edu/kerberos/advisories/"},{"reference_url":"https://security.archlinux.org/AVG-2828","reference_id":"AVG-2828","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2828"},{"reference_url":"https://www.samba.org/samba/security/CVE-2022-42898.html","reference_id":"CVE-2022-42898.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://www.samba.org/samba/security/CVE-2022-42898.html"},{"reference_url":"https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583","reference_id":"ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583"},{"reference_url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c","reference_id":"GHSA-64mq-fvfj-5x3c","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c"},{"reference_url":"https://security.gentoo.org/glsa/202309-06","reference_id":"GLSA-202309-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.gentoo.org/glsa/202309-06"},{"reference_url":"https://security.gentoo.org/glsa/202310-06","reference_id":"GLSA-202310-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.gentoo.org/glsa/202310-06"},{"reference_url":"https://security.gentoo.org/glsa/202405-11","reference_id":"GLSA-202405-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-11"},{"reference_url":"https://web.mit.edu/kerberos/krb5-1.19/","reference_id":"krb5-1.19","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://web.mit.edu/kerberos/krb5-1.19/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230216-0008/","reference_id":"ntap-20230216-0008","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230216-0008/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230223-0001/","reference_id":"ntap-20230223-0001","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230223-0001/"},{"reference_url":"https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt","reference_id":"README-1.20.1.txt","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8637","reference_id":"RHSA-2022:8637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8638","reference_id":"RHSA-2022:8638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8639","reference_id":"RHSA-2022:8639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8640","reference_id":"RHSA-2022:8640","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8640"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8641","reference_id":"RHSA-2022:8641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8648","reference_id":"RHSA-2022:8648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8662","reference_id":"RHSA-2022:8662","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8662"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8663","reference_id":"RHSA-2022:8663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8669","reference_id":"RHSA-2022:8669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9029","reference_id":"RHSA-2022:9029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9029"},{"reference_url":"https://bugzilla.samba.org/show_bug.cgi?id=15203","reference_id":"show_bug.cgi?id=15203","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/"}],"url":"https://bugzilla.samba.org/show_bug.cgi?id=15203"},{"reference_url":"https://usn.ubuntu.com/5800-1/","reference_id":"USN-5800-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5800-1/"},{"reference_url":"https://usn.ubuntu.com/5822-1/","reference_id":"USN-5822-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5822-1/"},{"reference_url":"https://usn.ubuntu.com/5828-1/","reference_id":"USN-5828-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5828-1/"},{"reference_url":"https://usn.ubuntu.com/5936-1/","reference_id":"USN-5936-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5936-1/"},{"reference_url":"https://usn.ubuntu.com/7582-1/","reference_id":"USN-7582-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7582-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2022-42898"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc2t-bbf1-mua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75028?format=json","vulnerability_id":"VCID-xmhu-nkgw-kybr","summary":"lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36054","reference_id":"","reference_type":"","scores":[{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78377","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78368","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431","reference_id":"1043431","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230178","reference_id":"2230178","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230178"},{"reference_url":"https://web.mit.edu/kerberos/www/advisories/","reference_id":"advisories","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://web.mit.edu/kerberos/www/advisories/"},{"reference_url":"https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd","reference_id":"ef08b09c9459551aabbe7924fb176f1583053cdd","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd"},{"reference_url":"https://security.gentoo.org/glsa/202405-11","reference_id":"GLSA-202405-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-11"},{"reference_url":"https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final","reference_id":"krb5-1.20.1-final...krb5-1.20.2-final","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final"},{"reference_url":"https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final","reference_id":"krb5-1.21-final...krb5-1.21.1-final","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html","reference_id":"msg00031.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230908-0004/","reference_id":"ntap-20230908-0004","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230908-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6699","reference_id":"RHSA-2023:6699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6699"},{"reference_url":"https://usn.ubuntu.com/6467-1/","reference_id":"USN-6467-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6467-1/"},{"reference_url":"https://usn.ubuntu.com/6467-2/","reference_id":"USN-6467-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6467-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/538439?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5"}],"aliases":["CVE-2023-36054"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmhu-nkgw-kybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4357?format=json","vulnerability_id":"VCID-yejf-124s-hqgx","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15088.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15088.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15088","reference_id":"","reference_type":"","scores":[{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.79965","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.7994","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01283","scoring_system":"epss","scoring_elements":"0.7997","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1504045","reference_id":"1504045","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1504045"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698","reference_id":"871698","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698"},{"reference_url":"https://security.archlinux.org/AVG-505","reference_id":"AVG-505","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-505"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2017-15088"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yejf-124s-hqgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6467?format=json","vulnerability_id":"VCID-yr93-awkm-v7ay","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11368.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11368.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11368","reference_id":"","reference_type":"","scores":[{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.72042","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.72049","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.72001","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:C"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1473560","reference_id":"1473560","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1473560"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260","reference_id":"869260","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260"},{"reference_url":"https://security.archlinux.org/ASA-201710-8","reference_id":"ASA-201710-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-8"},{"reference_url":"https://security.archlinux.org/AVG-414","reference_id":"AVG-414","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-414"},{"reference_url":"https://security.archlinux.org/AVG-436","reference_id":"AVG-436","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0666","reference_id":"RHSA-2018:0666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0666"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6253?format=json","purl":"pkg:deb/debian/krb5@1.17-3%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4"}],"aliases":["CVE-2017-11368"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yr93-awkm-v7ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74981?format=json","vulnerability_id":"VCID-zv6f-cpbv-a7b7","summary":"The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function.  NOTE: the Berkeley DB vector is covered by CVE-2011-4151.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1528.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1528.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1528","reference_id":"","reference_type":"","scores":[{"value":"0.05459","scoring_system":"epss","scoring_elements":"0.90354","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05459","scoring_system":"epss","scoring_elements":"0.9037","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05459","scoring_system":"epss","scoring_elements":"0.90368","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1528"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367","reference_id":"646367","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711","reference_id":"737711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737711"},{"reference_url":"https://security.gentoo.org/glsa/201201-13","reference_id":"GLSA-201201-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201201-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1379","reference_id":"RHSA-2011:1379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1379"},{"reference_url":"https://usn.ubuntu.com/1233-1/","reference_id":"USN-1233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"}],"aliases":["CVE-2011-1528"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zv6f-cpbv-a7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74996?format=json","vulnerability_id":"VCID-zxdc-pv4q-myb6","summary":"MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4342.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4342.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4342","reference_id":"","reference_type":"","scores":[{"value":"0.08139","scoring_system":"epss","scoring_elements":"0.92317","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08139","scoring_system":"epss","scoring_elements":"0.92332","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08139","scoring_system":"epss","scoring_elements":"0.92329","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1120581","reference_id":"1120581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1120581"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753625","reference_id":"753625","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1389","reference_id":"RHSA-2014:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0439","reference_id":"RHSA-2015:0439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0439"},{"reference_url":"https://usn.ubuntu.com/2310-1/","reference_id":"USN-2310-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2310-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6249?format=json","purl":"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nn6-mr7d-wyhk"},{"vulnerability":"VCID-2674-wgen-1qbk"},{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3df1-58jr-e7gv"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-42rr-7ajf-eqg7"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-596a-s3un-vbbc"},{"vulnerability":"VCID-6jnk-3rfw-nkh8"},{"vulnerability":"VCID-7wnb-bhuv-tycp"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-bdmc-p544-bfg9"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-dbaq-qjd2-d7c9"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-esm3-3qwz-cud2"},{"vulnerability":"VCID-f343-u3jt-pkfy"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j145-f5mp-xkeq"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-t96y-1vd2-fqe3"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-v4b9-7gb8-7kf7"},{"vulnerability":"VCID-vq2w-pgev-f7ha"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"},{"vulnerability":"VCID-zxdc-pv4q-myb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7"},{"url":"http://public2.vulnerablecode.io/api/packages/6250?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tn3-dfqx-5yc9"},{"vulnerability":"VCID-3d22-kr2u-tuck"},{"vulnerability":"VCID-3tas-mucv-aufk"},{"vulnerability":"VCID-4mm3-t6eu-4qde"},{"vulnerability":"VCID-b6a9-hnjx-c3gk"},{"vulnerability":"VCID-c5he-57zg-fybc"},{"vulnerability":"VCID-e1xu-a882-s3ga"},{"vulnerability":"VCID-ekzs-tuvp-ybfq"},{"vulnerability":"VCID-fcy5-mv1a-n7dh"},{"vulnerability":"VCID-fvfb-k9ar-93eu"},{"vulnerability":"VCID-h23e-nhyz-8uda"},{"vulnerability":"VCID-husp-fm64-nfa9"},{"vulnerability":"VCID-j6qa-q1h1-3uaq"},{"vulnerability":"VCID-jfhc-x8j6-yuab"},{"vulnerability":"VCID-kwy5-x7m9-4qgt"},{"vulnerability":"VCID-mbrk-dkua-uyeq"},{"vulnerability":"VCID-pj93-uzpy-3bg1"},{"vulnerability":"VCID-pq2d-33kw-ayb7"},{"vulnerability":"VCID-py4d-vrgu-5ueu"},{"vulnerability":"VCID-rgc3-hzw1-3bcp"},{"vulnerability":"VCID-s1hu-g4ns-5ydy"},{"vulnerability":"VCID-tg7a-etmk-6fea"},{"vulnerability":"VCID-u4y9-vrsc-wbdy"},{"vulnerability":"VCID-ukkj-tn8u-yuab"},{"vulnerability":"VCID-vuzh-e7pz-fqgt"},{"vulnerability":"VCID-wc2t-bbf1-mua5"},{"vulnerability":"VCID-xmhu-nkgw-kybr"},{"vulnerability":"VCID-yejf-124s-hqgx"},{"vulnerability":"VCID-yr93-awkm-v7ay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19"}],"aliases":["CVE-2014-4342"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxdc-pv4q-myb6"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze11"}