Vulnerabilities > MIT > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-28 | CVE-2024-37371 | In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. | 9.1 |
| 2020-10-21 | CVE-2020-7750 | Cross-site Scripting vulnerability in MIT Scratch-Svg-Renderer 0.1.0/0.2.0 This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. | 9.6 |
| 2020-07-16 | CVE-2020-14000 | Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. | 9.8 |
| 2017-11-23 | CVE-2017-15088 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in MIT Kerberos 5 plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. | 9.8 |
| 2017-09-13 | CVE-2017-11462 | Double Free vulnerability in multiple products Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. | 9.8 |
| 2008-03-19 | CVE-2008-0062 | Improper Initialization vulnerability in multiple products KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. | 9.8 |
| 2005-07-18 | CVE-2005-1689 | Double Free vulnerability in multiple products Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. | 9.8 |
| 2004-10-20 | CVE-2004-0772 | Double Free vulnerability in multiple products Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. | 9.8 |