Vulnerabilities > MIT
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-25 | CVE-2022-42898 | Integer Overflow or Wraparound vulnerability in multiple products PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. | 8.8 |
| 2022-08-30 | CVE-2022-39028 | NULL Pointer Dereference vulnerability in multiple products telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. | 7.5 |
| 2022-01-06 | CVE-2020-27428 | Cross-site Scripting vulnerability in MIT Scratch-Svg-Renderer 0.2.0 A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. | 4.3 |
| 2021-08-23 | CVE-2021-37750 | NULL Pointer Dereference vulnerability in multiple products The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. | 6.5 |
| 2021-07-22 | CVE-2021-36222 | NULL Pointer Dereference vulnerability in multiple products ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. | 5.0 |
| 2021-05-10 | CVE-2021-32471 | Improper Input Validation vulnerability in MIT Universal Turing Machine Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. | 7.2 |
| 2021-02-02 | CVE-2019-25018 | Incorrect Authorization vulnerability in MIT Krb5-Appl In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . | 5.0 |
| 2021-02-02 | CVE-2019-25017 | Unspecified vulnerability in MIT Krb5-Appl An issue was discovered in rcp in MIT krb5-appl through 1.0.3. network mit | 5.8 |
| 2020-11-06 | CVE-2020-28196 | Uncontrolled Recursion vulnerability in multiple products MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. | 5.0 |
| 2020-10-21 | CVE-2020-7750 | Cross-site Scripting vulnerability in MIT Scratch-Svg-Renderer 0.1.0/0.2.0 This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. | 6.8 |