Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mit vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2007-5894
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under ...
Mit Kerberos 5 -
NA
CVE-2023-39975
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 prior to 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
Mit Kerberos 5
7.5
CVSSv2
CVE-2003-0138
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an malicious user to impersonate any principal in a realm via a chosen-plaintext attack.
Mit Kerberos 4
7.5
CVSSv2
CVE-2003-0139
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an malicious user to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ti...
Mit Kerberos 4
5
CVSSv2
CVE-2006-6144
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 up to and including 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote malicious users to cause a denial of service (crash) via...
Mit Kerberos 5
7.2
CVSSv2
CVE-2004-1189
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds er...
Mit Kerberos 5
5
CVSSv2
CVE-2012-1016
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) prior to 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows r...
Mit Kerberos 5
7.5
CVSSv2
CVE-1999-1321
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote malicious users to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
Mit Kerberos V
10
CVSSv2
CVE-2007-5902
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote malicious users to have an unknown impact via a large length value for a GSS client name in an RPC request.
Mit Kerberos 5 -
5.8
CVSSv2
CVE-2019-25017
An issue exists in rcp in MIT krb5-appl up to and including 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (o...
Mit Krb5-appl
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »