Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mit vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2019-25018
In the rcp client in MIT krb5-appl up to and including 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on th...
Mit Krb5-appl
445
VMScore
CVE-2020-28196
MIT Kerberos 5 (aka krb5) prior to 1.17.2 and 1.18.x prior to 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
Mit Kerberos 5
Fedoraproject Fedora 31
Netapp Cloud Backup -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Mysql Server
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Communications Cloud Native Core Policy 1.14.0
605
VMScore
CVE-2020-7750
This affects the package scratch-svg-renderer prior to 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
Mit Scratch-svg-renderer 0.1.0
Mit Scratch-svg-renderer 0.2.0
668
VMScore
CVE-2020-14000
MIT Lifelong Kindergarten Scratch scratch-vm prior to 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a wo...
Mit Scratch-vm
668
VMScore
CVE-2020-10595
pam-krb5 prior to 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to...
Pam-krb5 Project Pam-krb5
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
445
VMScore
CVE-2019-14844
A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
Mit Kerberos 5
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
534
VMScore
CVE-2018-16860
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and ...
Samba Samba
Heimdal Project Heimdal
516
VMScore
CVE-2019-12098
In the client side of Heimdal prior to 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
Heimdal Project Heimdal
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 9.0
312
VMScore
CVE-2018-20217
A Reachable Assertion issue exists in the KDC in MIT Kerberos 5 (aka krb5) prior to 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Mit Kerberos
Debian Debian Linux 8.0
Debian Debian Linux 9.0
383
VMScore
CVE-2018-16853
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experime...
Samba Samba
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »