Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kerberos_5
(Mit)| Repositories | https://github.com/krb5/krb5 |
| #Vulnerabilities | 139 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-09-28 | CVE-2004-0644 | The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding. | Kerberos_5 | N/A | ||
| 2004-08-18 | CVE-2004-0523 | Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root. | Kerberos, Kerberos_5, Propack, Seam, Solaris, Sunos, Tinysofa_enterprise_server | N/A | ||
| 2003-04-02 | CVE-2003-0082 | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | Kerberos, Kerberos_5 | N/A | ||
| 2003-04-02 | CVE-2003-0072 | The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). | Kerberos, Kerberos_5 | N/A | ||
| 2003-02-19 | CVE-2003-0060 | Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. | Kerberos_5 | N/A | ||
| 2003-02-19 | CVE-2003-0059 | Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. | Kerberos_5 | N/A | ||
| 2003-02-19 | CVE-2003-0058 | MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. | Kerberos_5, Enterprise_authentication_mechanism, Solaris, Sunos | N/A | ||
| 2003-03-25 | CVE-2003-0028 | Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. | Unicos, Freebsd, Glibc, Hp\-Ux, Hp\-Ux_series_700, Hp\-Ux_series_800, Aix, Kerberos_5, Openafs, Openbsd, Irix, Solaris, Sunos | N/A | ||
| 2003-02-19 | CVE-2002-0036 | Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. | Kerberos_5 | N/A | ||
| 2001-06-27 | CVE-2001-0417 | Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. | Kerberos, Kerberos_5 | N/A |