Vulnerabilities > MIT
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-03-24 | CVE-2003-0138 | Unspecified vulnerability in MIT Kerberos 4 Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | 7.5 |
| 2003-02-19 | CVE-2003-0060 | Remote Format String vulnerability in MIT Kerberos Key Distribution Center Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. | 7.5 |
| 2003-02-19 | CVE-2003-0059 | Unspecified vulnerability in MIT Kerberos 5 1.2.1/1.2.2 Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. | 7.5 |
| 2003-02-19 | CVE-2003-0058 | Denial of Service vulnerability in Kerberos Key Distribution Center MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. | 5.0 |
| 2003-02-19 | CVE-2002-0036 | Unspecified vulnerability in MIT Kerberos 5 Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. | 5.0 |
| 2002-12-31 | CVE-2002-1652 | Remote Buffer Overflow vulnerability in MIT Cgiemail 1.6 Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter. | 7.5 |
| 2002-11-04 | CVE-2002-1235 | Remote Buffer Overflow vulnerability in Multiple Vendor kadmind The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | 10.0 |
| 2002-10-04 | CVE-2002-0900 | Remote Buffer Overflow vulnerability in MIT PGP Public Key Server Search String Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability. | 7.5 |
| 2001-08-14 | CVE-2001-0554 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. | 10.0 |
| 2001-06-27 | CVE-2001-0417 | Local Security vulnerability in Kerberos 5 Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. | 2.1 |