Vulnerabilities > MIT > Kerberos 5 > 1.19.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-28 | CVE-2024-37371 | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. | 9.1 |
| 2024-06-28 | CVE-2024-37370 | Unspecified vulnerability in MIT Kerberos 5 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. | 7.5 |
| 2023-08-07 | CVE-2023-36054 | Access of Uninitialized Pointer vulnerability in multiple products lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. | 6.5 |