Vulnerabilities > MIT

DATE CVE VULNERABILITY TITLE RISK
2021-02-02 CVE-2019-25018 Unspecified vulnerability in MIT Krb5-Appl
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of .
network
low complexity
mit
7.5
2021-02-02 CVE-2019-25017 Incorrect Authorization vulnerability in MIT Krb5-Appl
An issue was discovered in rcp in MIT krb5-appl through 1.0.3.
network
high complexity
mit CWE-863
5.9
2020-11-06 CVE-2020-28196 Uncontrolled Recursion vulnerability in multiple products
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
network
low complexity
mit fedoraproject netapp oracle CWE-674
7.5
2020-07-16 CVE-2020-14000 Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker.
network
low complexity
mit CWE-502
critical
9.8
2019-09-26 CVE-2019-14844 A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes".
network
low complexity
mit fedoraproject
7.5
2018-12-26 CVE-2018-20217 Reachable Assertion vulnerability in multiple products
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17.
network
high complexity
mit debian CWE-617
5.3
2018-07-26 CVE-2017-7562 An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates.
network
low complexity
redhat mit
6.5
2018-03-06 CVE-2018-5730 LDAP Injection vulnerability in multiple products
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
network
low complexity
mit fedoraproject debian redhat CWE-90
3.8
2018-03-06 CVE-2018-5729 NULL Pointer Dereference vulnerability in multiple products
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
network
low complexity
mit fedoraproject debian redhat CWE-476
4.7
2018-01-16 CVE-2018-5710 NULL Pointer Dereference vulnerability in MIT Kerberos
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16.
network
low complexity
mit CWE-476
6.5