Filtered by vendor Mit Subscriptions
Total 157 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-0036 2 Mit, Redhat 3 Kerberos 5, Enterprise Linux, Linux 2025-04-03 N/A
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.
CVE-2002-0900 1 Mit 1 Pgp Public Key Server 2025-04-03 N/A
Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.
CVE-2002-1652 1 Mit 1 Cgiemail 2025-04-03 N/A
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter.
CVE-2003-0060 1 Mit 1 Kerberos 5 2025-04-03 N/A
Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.
CVE-2004-0644 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-03 N/A
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
CVE-2004-1189 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-03 N/A
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
CVE-2005-1174 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-03 N/A
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
CVE-2005-1175 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2025-04-03 N/A
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.
CVE-2005-0488 4 Microsoft, Mit, Redhat and 1 more 4 Telnet Client, Kerberos 5, Enterprise Linux and 1 more 2025-04-03 N/A
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
CVE-2003-0072 2 Mit, Redhat 4 Kerberos, Kerberos 5, Enterprise Linux and 1 more 2025-04-03 N/A
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").
CVE-2000-0389 3 Cygnus, Mit, Redhat 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more 2025-04-03 N/A
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
CVE-2006-3083 3 Heimdal, Mit, Redhat 3 Heimdal, Kerberos 5, Enterprise Linux 2025-04-03 N/A
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
CVE-2000-0392 3 Cygnus, Mit, Redhat 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more 2025-04-03 N/A
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
CVE-2000-0547 3 Cygnus Network Security Project, Kerbnet Project, Mit 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more 2025-04-03 N/A
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
CVE-2001-0247 5 Freebsd, Mit, Netbsd and 2 more 5 Freebsd, Kerberos 5, Netbsd and 2 more 2025-04-03 N/A
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
CVE-2001-0417 1 Mit 2 Kerberos, Kerberos 5 2025-04-03 N/A
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
CVE-2002-1575 1 Mit 1 Cgiemail 2025-04-03 N/A
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
CVE-2003-0028 11 Cray, Freebsd, Gnu and 8 more 15 Unicos, Freebsd, Glibc and 12 more 2025-04-03 N/A
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
CVE-2003-0041 3 Mandrakesoft, Mit, Redhat 5 Mandrake Linux, Mandrake Multi Network Firewall, Kerberos Ftp Client and 2 more 2025-04-03 N/A
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
CVE-2003-0058 3 Mit, Redhat, Sun 6 Kerberos 5, Enterprise Linux, Linux and 3 more 2025-04-03 N/A
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.