Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mit vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45675
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed t...
Nothings Stb Vorbis.c 1.22
NA
CVE-2023-45677
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` success...
Nothings Stb Vorbis.c 1.22
NA
CVE-2023-45678
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This iss...
Nothings Stb Vorbis.c 1.22
NA
CVE-2023-45679
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `set...
Nothings Stb Vorbis.c 1.22
NA
CVE-2023-45680
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not re...
Nothings Stb Vorbis.c 1.22
NA
CVE-2023-39975
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 prior to 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
Mit Kerberos 5
NA
CVE-2023-36054
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) prior to 1.20.2 and 1.21.x prior to 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_...
Mit Kerberos 5 1.21
Mit Kerberos 5
Debian Debian Linux 10.0
Netapp Hci -
Netapp Active Iq Unified Manager -
Netapp Management Services For Element Software -
Netapp Ontap Tools -
Netapp Clustered Data Ontap 9.0
1 Github repository
NA
CVE-2022-45142
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branch...
Heimdal Project Heimdal 7.8.0
Heimdal Project Heimdal 7.7.1
NA
CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w...
Samba Samba
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2021-44758
Heimdal prior to 7.7.1 allows malicious users to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
Heimdal Project Heimdal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »