Filtered by vendor Mit
Subscribe
Total
154 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37371 | 2 Debian, Mit | 2 Debian Linux, Kerberos 5 | 2024-11-21 | N/A | 9.1 CRITICAL |
| In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. | |||||
| CVE-2024-37370 | 1 Mit | 1 Kerberos 5 | 2024-11-21 | N/A | 7.5 HIGH |
| In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. | |||||
| CVE-2023-39975 | 1 Mit | 1 Kerberos 5 | 2024-11-21 | N/A | 8.8 HIGH |
| kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. | |||||
| CVE-2023-36054 | 3 Debian, Mit, Netapp | 7 Debian Linux, Kerberos 5, Active Iq Unified Manager and 4 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. | |||||
| CVE-2022-42898 | 3 Heimdal Project, Mit, Samba | 3 Heimdal, Kerberos 5, Samba | 2024-11-21 | N/A | 8.8 HIGH |
| PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." | |||||
| CVE-2022-39028 | 4 Debian, Gnu, Mit and 1 more | 4 Debian Linux, Inetutils, Kerberos 5 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | |||||
| CVE-2021-37750 | 5 Debian, Fedoraproject, Mit and 2 more | 5 Debian Linux, Fedora, Kerberos 5 and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. | |||||
| CVE-2021-36222 | 4 Debian, Mit, Netapp and 1 more | 7 Debian Linux, Kerberos 5, Active Iq Unified Manager and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. | |||||
| CVE-2021-32471 | 1 Mit | 1 Universal Turing Machine | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications." | |||||
| CVE-2020-7750 | 1 Mit | 1 Scratch-svg-renderer | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function. | |||||
| CVE-2020-28196 | 4 Fedoraproject, Mit, Netapp and 1 more | 11 Fedora, Kerberos 5, Active Iq Unified Manager and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. | |||||
| CVE-2020-27428 | 1 Mit | 1 Scratch-svg-renderer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. | |||||
| CVE-2020-14000 | 1 Mit | 1 Scratch-vm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code is getExtensionIdForOpcode in serialization/sb3.js. The use of _ is incompatible with a protection mechanism in older versions, in which URLs were split and consequently deserialization attacks were prevented. NOTE: the scratch.mit.edu hosted service is not affected because of the lack of worker scripts. | |||||
| CVE-2019-25018 | 1 Mit | 1 Krb5-appl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | |||||
| CVE-2019-25017 | 1 Mit | 1 Krb5-appl | 2024-11-21 | 5.8 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | |||||
| CVE-2019-14844 | 2 Fedoraproject, Mit | 2 Fedora, Kerberos 5 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. | |||||
| CVE-2018-5730 | 4 Debian, Fedoraproject, Mit and 1 more | 6 Debian Linux, Fedora, Kerberos 5 and 3 more | 2024-11-21 | 5.5 MEDIUM | 3.8 LOW |
| MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. | |||||
| CVE-2018-5729 | 4 Debian, Fedoraproject, Mit and 1 more | 6 Debian Linux, Fedora, Kerberos 5 and 3 more | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
| MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. | |||||
| CVE-2018-5710 | 1 Mit | 1 Kerberos | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. | |||||
| CVE-2018-5709 | 1 Mit | 1 Kerberos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. | |||||