Vulnerabilities > MIT
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-10 | CVE-2021-32471 | Improper Input Validation vulnerability in MIT Universal Turing Machine Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. | 7.8 |
| 2021-02-02 | CVE-2019-25018 | Unspecified vulnerability in MIT Krb5-Appl In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . | 7.5 |
| 2021-02-02 | CVE-2019-25017 | Incorrect Authorization vulnerability in MIT Krb5-Appl An issue was discovered in rcp in MIT krb5-appl through 1.0.3. | 5.9 |
| 2020-11-06 | CVE-2020-28196 | Uncontrolled Recursion vulnerability in multiple products MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. | 7.5 |
| 2020-07-16 | CVE-2020-14000 | Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. | 9.8 |
| 2019-09-26 | CVE-2019-14844 | A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". | 7.5 |
| 2018-12-26 | CVE-2018-20217 | Reachable Assertion vulnerability in multiple products A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. | 5.3 |
| 2018-07-26 | CVE-2017-7562 | An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. | 6.5 |
| 2018-03-06 | CVE-2018-5730 | LDAP Injection vulnerability in multiple products MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. | 3.8 |
| 2018-03-06 | CVE-2018-5729 | NULL Pointer Dereference vulnerability in multiple products MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. | 4.7 |