Vulnerabilities > MIT
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1189 | Out-Of-Bounds Write vulnerability in MIT Kerberos 5 The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow. | 7.2 |
| 2004-10-20 | CVE-2004-0772 | Double Free vulnerability in multiple products Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. | 9.8 |
| 2004-09-28 | CVE-2004-0644 | Denial Of Service vulnerability in MIT Kerberos 5 ASN.1 Decoder The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding. | 5.0 |
| 2004-09-28 | CVE-2004-0643 | Double Free vulnerability in multiple products Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. | 4.6 |
| 2004-08-18 | CVE-2004-0523 | Principal Name Buffer Overrun vulnerability in MIT Kerberos 5 KRB5_AName_To_Localname Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root. | 10.0 |
| 2004-03-03 | CVE-2002-1575 | Unspecified vulnerability in MIT Cgiemail 1.6 cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message. | 5.0 |
| 2003-04-02 | CVE-2003-0082 | Buffer Underrun vulnerability in MIT Kerberos 5 Principal Name The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | 5.0 |
| 2003-04-02 | CVE-2003-0072 | Buffer Overflow vulnerability in MIT Kerberos 5 Principal Name The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). | 5.0 |
| 2003-03-25 | CVE-2003-0028 | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | 7.5 |
| 2003-03-24 | CVE-2003-0139 | Remote Security vulnerability in MIT Kerberos 4 Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing." | 7.5 |