Heimdal

All CVEs

43 total · sorted by risk
  • CVE-2004-0434 · Critical · Jul 7, 2004
    risk 0.64 · cvss 9.8 · epss 0.07

    k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.

  • CVE-2017-11103 · High · Jul 13, 2017
    risk 0.53 · cvss 8.1 · epss 0.05

    Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the…

  • CVE-2018-5349 · High · Mar 22, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Faulty permissions on the directory "C:\ProgramData\Heimdal Security\Heimdal Agent" allow BUILTIN\Users to write new files to the directory. On startup,…

  • CVE-2017-17439 · High · Dec 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault.…

  • CVE-2017-6594 · High · Aug 28, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

  • CVE-2018-5731 · High · Mar 22, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and…

  • CVE-2026-1909 · Medium · Feb 6, 2026
    risk 0.42 · cvss 6.4 · epss 0.00

    The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on the 'src' attribute. This makes it possible for…

  • CVE-2019-12098 · High · May 15, 2019
    risk 0.41 · cvss 7.4 · epss 0.02

    In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

  • CVE-2011-2921 · Nov 19, 2019
    risk 0.09 · cvss · epss 0.83

    ktsuss versions 1.4 and prior have the uid set to root and do not drop privileges prior to executing user-specified commands, which can result in command execution with root privileges.

  • CVE-2012-6303 · Oct 28, 2013
    risk 0.04 · cvss · epss 0.10

    Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.

  • CVE-2011-4862 · Dec 25, 2011
    risk 0.04 · cvss · epss 0.95

    Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long…

  • CVE-2001-0034 · Feb 16, 2001
    risk 0.03 · cvss · epss 0.01

    KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.

  • CVE-2022-42898 · Dec 25, 2022
    risk 0.01 · cvss · epss 0.06

    PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and…

  • CVE-2002-1235 · Nov 4, 2002
    risk 0.01 · cvss · epss 0.15

    The kadm_ser_in function in (1) the Kerberos v4 compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with…

  • CVE-2023-29487 · Dec 21, 2023
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS that allows attackers to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module. NOTE: Heimdal asserts this is not a valid…

  • CVE-2023-29486 · Dec 21, 2023
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows that allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via the Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation…

  • CVE-2023-29485 · Dec 21, 2023
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS that allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via the DarkLayer Guard threat prevention module. NOTE: Heimdal…

  • CVE-2022-3116 · Mar 27, 2023
    risk 0.00 · cvss · epss 0.01

    The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereference. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.

  • CVE-2022-45142 · Mar 6, 2023
    risk 0.00 · cvss · epss 0.00

    The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a…

  • CVE-2022-3437 · Jan 12, 2023
    risk 0.00 · cvss · epss 0.04

    A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory…

  • CVE-2021-44758 · Dec 26, 2022
    risk 0.00 · cvss · epss 0.01

    Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.

  • CVE-2022-44640 · Dec 25, 2022
    risk 0.00 · cvss · epss 0.02

    Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).

  • CVE-2022-41916 · Nov 15, 2022
    risk 0.00 · cvss · epss 0.01

    Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to denial of service in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party…

  • CVE-2011-2922 · Nov 19, 2019
    risk 0.00 · cvss · epss 0.01

    ktsuss versions 1.4 and prior spawn the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.

  • CVE-2019-8351 · Mar 21, 2019
    risk 0.00 · cvss · epss 0.01

    Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2007-5939 · Dec 6, 2007
    risk 0.00 · cvss · epss 0.04

    The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for…

  • CVE-2006-3083 · Aug 9, 2006
    risk 0.00 · cvss · epss 0.01

    The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to…

  • CVE-2006-3084 · Aug 9, 2006
    risk 0.00 · cvss · epss 0.00

    The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE:…

  • CVE-2006-0677 · Feb 14, 2006
    risk 0.00 · cvss · epss 0.03

    telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference.

  • CVE-2006-0582 · Feb 8, 2006
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.

  • CVE-2005-2040 · Jun 20, 2005
    risk 0.00 · cvss · epss 0.03

    Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CVE-2005-0469.

  • CVE-2004-0371 · May 4, 2004
    risk 0.00 · cvss · epss 0.02

    Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.

  • CVE-2003-0138 · Mar 24, 2003
    risk 0.00 · cvss · epss 0.04

    Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.

  • CVE-2002-1226 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).

  • CVE-2002-1225 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.05

    Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.

  • CVE-2002-0754 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.00

    Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

  • CVE-2002-0600 · Jun 18, 2002
    risk 0.00 · cvss · epss 0.02

    Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via a long response to a passive (PASV) mode request.

  • CVE-2001-1444 · Aug 27, 2001
    risk 0.00 · cvss · epss 0.01

    The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle…

  • CVE-2001-1443 · Aug 27, 2001
    risk 0.00 · cvss · epss 0.01

    KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.

  • CVE-2001-0035 · Feb 16, 2001
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.

  • CVE-2001-0036 · Feb 16, 2001
    risk 0.00 · cvss · epss 0.00

    KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.

  • CVE-2001-0033 · Feb 16, 2001
    risk 0.00 · cvss · epss 0.00

    KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using the KRBCONFDIR environment variable, which allows the user to gain additional privileges.

  • CVE-1999-1099 · Nov 22, 1996
    risk 0.00 · cvss · epss 0.01

    Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.