Vulnerabilities > MIT

DATE CVE VULNERABILITY TITLE RISK
2021-07-22 CVE-2021-36222 Null Pointer Dereference vulnerability in multiple products
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash.
network
low complexity
mit debian CWE-476
5.0
2021-05-10 CVE-2021-32471 Improper Input Validation vulnerability in MIT Universal Turing Machine
Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data.
local
low complexity
mit CWE-20
7.2
2021-02-02 CVE-2019-25018 Incorrect Authorization vulnerability in MIT Krb5-Appl
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of .
network
low complexity
mit CWE-863
5.0
2021-02-02 CVE-2019-25017 Unspecified vulnerability in MIT Krb5-Appl
An issue was discovered in rcp in MIT krb5-appl through 1.0.3.
network
mit
5.8
2020-11-06 CVE-2020-28196 Uncontrolled Recursion vulnerability in MIT Kerberos 5
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
network
low complexity
mit CWE-674
5.0
2020-10-21 CVE-2020-7750 Cross-Site Scripting vulnerability in MIT Scratch-Svg-Renderer 0.1.0/0.2.0
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008.
network
mit CWE-79
6.8
2020-07-16 CVE-2020-14000 Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker.
network
low complexity
mit CWE-502
7.5
2019-09-26 CVE-2019-14844 A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes".
network
low complexity
mit fedoraproject
5.0
2018-12-26 CVE-2018-20217 Reachable Assertion vulnerability in multiple products
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17.
network
mit debian CWE-617
3.5
2018-07-26 CVE-2017-7562 Improper Authentication vulnerability in multiple products
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates.
network
low complexity
redhat mit CWE-287
4.0