Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mit vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42898
PAC parsing in MIT Kerberos 5 (aka krb5) prior to 1.19.4 and 1.20.x prior to 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and...
Mit Kerberos 5
Mit Kerberos 5 1.20
Heimdal Project Heimdal
Samba Samba
755
VMScore
CVE-2002-0900
Buffer overflow in pks PGP public key web server prior to 0.9.5 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.
Mit Pgp Public Key Server 0.9.2
Mit Pgp Public Key Server 0.9.4
1 EDB exploit
447
VMScore
CVE-2018-5709
An issue exists in MIT Kerberos 5 (aka krb5) up to and including 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. A...
Mit Kerberos
356
VMScore
CVE-2018-5710
An issue exists in MIT Kerberos 5 (aka krb5) up to and including 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote...
Mit Kerberos
614
VMScore
CVE-2007-5901
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
Mit Kerberos 5
614
VMScore
CVE-2007-5971
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
Mit Kerberos 5
755
VMScore
CVE-2002-1652
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
Mit Cgiemail 1.6
1 EDB exploit
445
VMScore
CVE-2002-1575
cgiemail allows remote malicious users to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
Mit Cgiemail 1.6
NA
CVE-2023-39975
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 prior to 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
Mit Kerberos 5
517
VMScore
CVE-2019-25017
An issue exists in rcp in MIT krb5-appl up to and including 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (o...
Mit Krb5-appl
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »