Filtered by vendor Mit
Subscriptions
Total
152 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-1999-0713 | 4 Cde, Digital, Mit and 1 more | 4 Cde, Unix, Kerberos 5 and 1 more | 2020-01-21 | N/A |
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges. | ||||
CVE-2007-5902 | 1 Mit | 1 Kerberos 5 | 2020-01-21 | N/A |
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request. | ||||
CVE-2003-0139 | 1 Mit | 1 Kerberos | 2018-10-19 | N/A |
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing." | ||||
CVE-2003-0138 | 1 Mit | 1 Kerberos | 2018-10-19 | N/A |
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | ||||
CVE-2007-5971 | 2 Apple, Mit | 3 Mac Os X, Mac Os X Server, Kerberos 5 | 2018-10-15 | N/A |
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. | ||||
CVE-2009-0847 | 1 Mit | 1 Kerberos | 2018-10-10 | N/A |
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic. | ||||
CVE-2011-1530 | 1 Mit | 1 Mit Kerberos | 2018-10-09 | N/A |
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error. | ||||
CVE-2007-5901 | 2 Apple, Mit | 3 Mac Os X, Mac Os X Server, Kerberos 5 | 2017-09-29 | N/A |
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. | ||||
CVE-2002-1652 | 1 Mit | 1 Cgiemail | 2017-07-11 | N/A |
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter. | ||||
CVE-2002-1575 | 1 Mit | 1 Cgiemail | 2017-07-11 | N/A |
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message. | ||||
CVE-2002-0900 | 1 Mit | 1 Pgp Public Key Server | 2008-09-05 | N/A |
Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability. | ||||
CVE-1999-1321 | 1 Mit | 1 Kerberos | 2008-09-05 | N/A |
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing. |