Vulnerabilities (CVE)

Filtered by vendor Mit Subscribe

Filtered by product Krb5-appl

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2011-4862	8 Debian, Fedoraproject, Freebsd and 5 more	10 Debian Linux, Fedora, Freebsd and 7 more	2021-02-09	10.0 HIGH	N/A
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2011-1526	5 Debian, Fedoraproject, Mit and 2 more	7 Debian Linux, Fedora, Krb5-appl and 4 more	2021-02-02	6.5 MEDIUM	N/A
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.