Vulnerabilities > MIT > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-28 CVE-2024-37371 In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
network
low complexity
mit debian
critical
9.1
2020-07-16 CVE-2020-14000 Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker.
network
low complexity
mit CWE-502
critical
9.8
2017-11-23 CVE-2017-15088 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in MIT Kerberos 5
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions.
network
low complexity
mit CWE-119
critical
9.8
2017-09-13 CVE-2017-11462 Double Free vulnerability in multiple products
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
network
low complexity
mit fedoraproject CWE-415
critical
9.8
2008-03-19 CVE-2008-0062 Improper Initialization vulnerability in multiple products
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
network
low complexity
mit debian canonical fedoraproject CWE-665
critical
9.8
2005-07-18 CVE-2005-1689 Double Free vulnerability in multiple products
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
network
low complexity
mit apple debian CWE-415
critical
9.8
2004-10-20 CVE-2004-0772 Double Free vulnerability in multiple products
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
network
low complexity
mit openpkg debian CWE-415
critical
9.8