Vulnerabilities > MIT
|2021-08-23||CVE-2021-37750|| NULL Pointer Dereference vulnerability in multiple products |
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
| 4.0 |
|2021-07-22||CVE-2021-36222|| NULL Pointer Dereference vulnerability in multiple products |
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash.
| 5.0 |
|2021-05-10||CVE-2021-32471|| Improper Input Validation vulnerability in MIT Universal Turing Machine |
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data.
| 7.2 |
|2021-02-02||CVE-2019-25017|| Unspecified vulnerability in MIT Krb5-Appl |
An issue was discovered in rcp in MIT krb5-appl through 1.0.3.
| 5.8 |
|2021-02-02||CVE-2019-25018|| Incorrect Authorization vulnerability in MIT Krb5-Appl |
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of .
| 5.0 |
|2020-11-06||CVE-2020-28196|| Uncontrolled Recursion vulnerability in MIT Kerberos 5 |
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
| 5.0 |
|2020-10-21||CVE-2020-7750|| Cross-site Scripting vulnerability in MIT Scratch-Svg-Renderer 0.1.0/0.2.0 |
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008.
| 6.8 |
|2020-07-16||CVE-2020-14000|| Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm |
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker.
| 7.5 |
|2019-09-26||CVE-2019-14844||A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes".|| 5.0 |
|2018-12-26||CVE-2018-20217|| Reachable Assertion vulnerability in multiple products |
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17.
| 3.5 |