Vulnerabilities > MIT > Kerberos > 4
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-12-26 | CVE-2018-20217 | Reachable Assertion vulnerability in multiple products | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. | 5.3 |
2018-01-16 | CVE-2018-5710 | NULL Pointer Dereference vulnerability in MIT Kerberos | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. | 6.5 |
2018-01-16 | CVE-2018-5709 | Integer Overflow or Wraparound vulnerability in MIT Kerberos | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. | 7.5 |
2003-03-24 | CVE-2003-0139 | Remote Security vulnerability in MIT Kerberos 4 | Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing." | 7.5 |
2003-03-24 | CVE-2003-0138 | Unspecified vulnerability in MIT Kerberos 4 | Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | 7.5 |
2001-06-27 | CVE-2001-0417 | Local Security vulnerability in Kerberos 5 | Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. | 2.1 |
2000-06-09 | CVE-2000-0548 | Classic Buffer Overflow vulnerability in multiple products | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. | 5.0 |
2000-06-09 | CVE-2000-0547 | Classic Buffer Overflow vulnerability in multiple products | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function. | 5.0 |
2000-06-09 | CVE-2000-0546 | Classic Buffer Overflow vulnerability in multiple products | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function. | 5.0 |