Vulnerabilities > MIT

DATE CVE VULNERABILITY TITLE RISK
2024-06-28 CVE-2024-37371
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
network
low complexity
mit debian
critical
9.1
2024-06-28 CVE-2024-37370 Unspecified vulnerability in MIT Kerberos 5
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
network
low complexity
mit
7.5
2023-08-16 CVE-2023-39975 Double Free vulnerability in MIT Kerberos 5 1.21/1.21.1
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure.
network
low complexity
mit CWE-415
8.8
2023-08-07 CVE-2023-36054 Access of Uninitialized Pointer vulnerability in multiple products
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer.
network
low complexity
mit debian netapp CWE-824
6.5
2022-12-25 CVE-2022-42898 Integer Overflow or Wraparound vulnerability in multiple products
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms.
network
low complexity
mit heimdal-project samba CWE-190
8.8
2022-08-30 CVE-2022-39028 NULL Pointer Dereference vulnerability in multiple products
telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8.
network
low complexity
gnu mit debian netkit-telnet-project CWE-476
7.5
2022-01-06 CVE-2020-27428 Cross-site Scripting vulnerability in MIT Scratch-Svg-Renderer 0.2.0
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file.
network
low complexity
mit CWE-79
6.1
2021-08-23 CVE-2021-37750 NULL Pointer Dereference vulnerability in multiple products
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
6.5
2021-07-22 CVE-2021-36222 NULL Pointer Dereference vulnerability in multiple products
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash.
network
low complexity
mit debian netapp oracle CWE-476
7.5
2021-05-10 CVE-2021-32471 Improper Input Validation vulnerability in MIT Universal Turing Machine
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data.
local
low complexity
mit CWE-20
7.8