Filtered by vendor Mit
Subscriptions
Filtered by product Kerberos
Subscriptions
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5354 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-12 | N/A |
| plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command. | ||||
| CVE-2014-4342 | 3 Debian, Mit, Redhat | 8 Debian Linux, Kerberos, Kerberos 5 and 5 more | 2025-04-12 | N/A |
| MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. | ||||
| CVE-2011-0281 | 2 Mit, Redhat | 3 Kerberos, Kerberos 5, Enterprise Linux | 2025-04-11 | N/A |
| The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \n sequence. | ||||
| CVE-2010-1323 | 2 Mit, Redhat | 3 Kerberos, Kerberos 5, Enterprise Linux | 2025-04-11 | N/A |
| MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys. | ||||
| CVE-2010-0283 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-11 | N/A |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request. | ||||
| CVE-2013-6800 | 2 Mit, Redhat | 3 Kerberos, Kerberos 5, Enterprise Linux | 2025-04-11 | N/A |
| An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418. | ||||
| CVE-2011-0282 | 2 Mit, Redhat | 3 Kerberos, Kerberos 5, Enterprise Linux | 2025-04-11 | N/A |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name. | ||||
| CVE-2009-0845 | 2 Mit, Redhat | 3 Kerberos, Kerberos 5, Enterprise Linux | 2025-04-09 | N/A |
| The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token. | ||||
| CVE-2009-0844 | 2 Mit, Redhat | 3 Kerberos, Kerberos 5, Enterprise Linux | 2025-04-09 | N/A |
| The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read. | ||||
| CVE-2009-0847 | 1 Mit | 1 Kerberos | 2025-04-09 | N/A |
| The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic. | ||||
| CVE-2009-4212 | 2 Mit, Redhat | 4 Kerberos, Kerberos 5, Enterprise Linux and 1 more | 2025-04-09 | N/A |
| Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. | ||||
| CVE-2001-0554 | 10 Debian, Freebsd, Ibm and 7 more | 12 Debian Linux, Freebsd, Aix and 9 more | 2025-04-03 | N/A |
| Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. | ||||
| CVE-2003-0139 | 2 Mit, Redhat | 3 Kerberos, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing." | ||||
| CVE-2004-0523 | 5 Mit, Redhat, Sgi and 2 more | 8 Kerberos, Kerberos 5, Enterprise Linux and 5 more | 2025-04-03 | N/A |
| Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root. | ||||
| CVE-2000-0548 | 3 Cygnus Network Security Project, Kerbnet Project, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2025-04-03 | N/A |
| Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. | ||||
| CVE-2000-0546 | 3 Cygnus Network Security Project, Kerbnet Project, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2025-04-03 | N/A |
| Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function. | ||||
| CVE-2000-0549 | 2 Cygnus, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2025-04-03 | N/A |
| Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. | ||||
| CVE-1999-0143 | 3 Mit, Process Software, Sun | 4 Kerberos, Kerberos 5, Multinet and 1 more | 2025-04-03 | N/A |
| Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. | ||||
| CVE-2000-0547 | 3 Cygnus Network Security Project, Kerbnet Project, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2025-04-03 | N/A |
| Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function. | ||||
| CVE-2000-0392 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2025-04-03 | N/A |
| Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. | ||||