Vulnerabilities > MIT

DATE CVE VULNERABILITY TITLE RISK
2021-02-02 CVE-2019-25018 Incorrect Authorization vulnerability in MIT Krb5-Appl
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of .
network
low complexity
mit CWE-863
5.0
2021-02-02 CVE-2019-25017 Unspecified vulnerability in MIT Krb5-Appl
An issue was discovered in rcp in MIT krb5-appl through 1.0.3.
network
mit
5.8
2020-11-06 CVE-2020-28196 Uncontrolled Recursion vulnerability in multiple products
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
network
low complexity
mit fedoraproject netapp oracle CWE-674
7.5
2020-10-21 CVE-2020-7750 Cross-site Scripting vulnerability in MIT Scratch-Svg-Renderer 0.1.0/0.2.0
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008.
network
mit CWE-79
6.8
2020-07-16 CVE-2020-14000 Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker.
network
low complexity
mit CWE-502
7.5
2019-09-26 CVE-2019-14844 Function Call with Incorrectly Specified Arguments vulnerability in multiple products
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes".
network
low complexity
mit fedoraproject CWE-628
7.5
2018-12-26 CVE-2018-20217 Reachable Assertion vulnerability in multiple products
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17.
network
high complexity
mit debian CWE-617
5.3
2018-07-26 CVE-2017-7562 Improper Certificate Validation vulnerability in multiple products
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates.
network
low complexity
redhat mit CWE-295
6.5
2018-03-06 CVE-2018-5730 LDAP Injection vulnerability in multiple products
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
network
low complexity
mit fedoraproject debian redhat CWE-90
3.8
2018-03-06 CVE-2018-5729 NULL Pointer Dereference vulnerability in multiple products
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
network
low complexity
mit fedoraproject debian redhat CWE-476
4.7