Vulnerabilities > MIT
|2021-02-02||CVE-2019-25018|| Incorrect Authorization vulnerability in MIT Krb5-Appl |
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of .
| 5.0 |
|2021-02-02||CVE-2019-25017|| Unspecified vulnerability in MIT Krb5-Appl |
An issue was discovered in rcp in MIT krb5-appl through 1.0.3.
| 5.8 |
|2020-11-06||CVE-2020-28196|| Uncontrolled Recursion vulnerability in MIT Kerberos 5 |
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
| 5.0 |
|2020-10-21||CVE-2020-7750|| Cross-Site Scripting vulnerability in MIT Scratch-Svg-Renderer 0.1.0/0.2.0 |
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008.
| 6.8 |
|2020-07-16||CVE-2020-14000|| Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm |
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker.
| 7.5 |
|2019-09-26||CVE-2019-14844||A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes".|| 5.0 |
|2018-12-26||CVE-2018-20217|| Reachable Assertion vulnerability in multiple products |
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17.
| 3.5 |
|2018-07-26||CVE-2017-7562|| Improper Authentication vulnerability in multiple products |
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates.
| 4.0 |
|2018-03-06||CVE-2018-5730|| Ldap Injection vulnerability in multiple products |
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
| 5.5 |
|2018-03-06||CVE-2018-5729|| Null Pointer Dereference vulnerability in multiple products |
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
| 6.5 |