Filtered by vendor Mit
Subscribe
Total
154 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0713 | 4 Cde, Digital, Mit and 1 more | 4 Cde, Unix, Kerberos 5 and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. | |||||
CVE-2003-0139 | 1 Mit | 1 Kerberos | 2024-02-28 | 7.5 HIGH | N/A |
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing." | |||||
CVE-2003-0072 | 1 Mit | 2 Kerberos, Kerberos 5 | 2024-02-28 | 5.0 MEDIUM | N/A |
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). | |||||
CVE-2000-0549 | 2 Cygnus, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. | |||||
CVE-1999-0143 | 3 Mit, Process Software, Sun | 4 Kerberos, Kerberos 5, Multinet and 1 more | 2024-02-28 | 4.6 MEDIUM | N/A |
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. | |||||
CVE-2004-0642 | 3 Debian, Mit, Redhat | 5 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code. | |||||
CVE-2002-1652 | 1 Mit | 1 Cgiemail | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter. | |||||
CVE-2003-0138 | 1 Mit | 1 Kerberos | 2024-02-28 | 7.5 HIGH | N/A |
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | |||||
CVE-2000-0389 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. | |||||
CVE-2004-0643 | 3 Debian, Mit, Redhat | 5 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 2 more | 2024-02-28 | 4.6 MEDIUM | N/A |
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. | |||||
CVE-2001-1323 | 1 Mit | 1 Kerberos 5 | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function. | |||||
CVE-2000-0390 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. | |||||
CVE-2002-0900 | 1 Mit | 1 Pgp Public Key Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability. | |||||
CVE-2001-0247 | 5 Freebsd, Mit, Netbsd and 2 more | 5 Freebsd, Kerberos 5, Netbsd and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. | |||||
CVE-2000-0392 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. | |||||
CVE-2004-0644 | 1 Mit | 1 Kerberos 5 | 2024-02-28 | 5.0 MEDIUM | N/A |
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding. | |||||
CVE-2002-1575 | 1 Mit | 1 Cgiemail | 2024-02-28 | 5.0 MEDIUM | N/A |
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message. | |||||
CVE-1999-1321 | 1 Mit | 1 Kerberos | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing. | |||||
CVE-2000-0391 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. | |||||
CVE-2000-0514 | 1 Mit | 1 Kerberos 5 | 2024-02-28 | 10.0 HIGH | N/A |
GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. |