Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mit vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2017-2624
It was found that xorg-x11-server prior to 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is...
X.org Xorg-server
Debian Debian Linux 7.0
6.5
CVSSv3
CVE-2023-36054
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) prior to 1.20.2 and 1.21.x prior to 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_...
Mit Kerberos 5 1.21
Mit Kerberos 5
Debian Debian Linux 10.0
Netapp Hci -
Netapp Active Iq Unified Manager -
Netapp Management Services For Element Software -
Netapp Ontap Tools -
Netapp Clustered Data Ontap 9.0
1 Github repository
6.5
CVSSv3
CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w...
Samba Samba
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.5
CVSSv3
CVE-2021-3671
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
Samba Samba
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Ontap Select Deploy Administration Utility -
Netapp Management Services For Element Software -
Netapp Management Services For Netapp Hci -
6.5
CVSSv3
CVE-2021-37750
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) prior to 1.18.5 and 1.19.x prior to 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
Mit Kerberos 5
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Starwindsoftware Starwind Virtual San V8r13
Oracle Communications Cloud Native Core Network Slice Selection Function 22.1.0
6.5
CVSSv3
CVE-2018-5710
An issue exists in MIT Kerberos 5 (aka krb5) up to and including 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote...
Mit Kerberos
6.5
CVSSv3
CVE-2016-3120
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) prior to 1.13.6 and 1.4.x prior to 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users ...
Mit Kerberos 5 1.13
Mit Kerberos 5 1.13.1
Mit Kerberos 5 1.13.2
Mit Kerberos 5 1.13.3
Mit Kerberos 5 1.13.4
Mit Kerberos 5 1.13.5
Mit Kerberos 5 1.13.6
Mit Kerberos 5 1.14
Mit Kerberos 5 1.14.1
Mit Kerberos 5 1.14.2
6.5
CVSSv3
CVE-2010-0629
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 up to and including 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version nu...
Mit Kerberos 5
Fedoraproject Fedora 11
Opensuse Opensuse 11.1
Opensuse Opensuse 11.0
Suse Linux Enterprise 11.0
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
6.3
CVSSv3
CVE-2010-4020
MIT Kerberos 5 (aka krb5) 1.8.x up to and including 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that r...
Mit Kerberos 5 1.8
Mit Kerberos 5 1.8.3
Mit Kerberos 5 1.8.1
Mit Kerberos 5 1.8.2
6.1
CVSSv3
CVE-2020-27428
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted sb3 file.
Mit Scratch-svg-renderer 0.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »