Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0028 10 Cray, Freebsd, Gnu and 7 more 13 Unicos, Freebsd, Glibc and 10 more 2020-01-21 7.5 HIGH N/A
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
CVE-2004-0644 1 Mit 1 Kerberos 5 2020-01-21 5.0 MEDIUM N/A
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
CVE-2005-0488 3 Microsoft, Mit, Sun 3 Telnet Client, Kerberos 5, Sunos 2020-01-21 5.0 MEDIUM N/A
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
CVE-2005-1174 1 Mit 1 Kerberos 5 2020-01-21 5.0 MEDIUM N/A
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
CVE-2005-1175 1 Mit 1 Kerberos 5 2020-01-21 7.5 HIGH N/A
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.
CVE-2005-1689 1 Mit 1 Kerberos 5 2020-01-21 7.5 HIGH N/A
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
CVE-2006-3083 2 Heimdal, Mit 2 Heimdal, Kerberos 5 2020-01-21 7.2 HIGH N/A
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
CVE-2006-3084 2 Heimdal, Mit 2 Heimdal, Kerberos 5 2020-01-21 7.2 HIGH N/A
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
CVE-2006-6143 1 Mit 1 Kerberos 5 2020-01-21 9.3 HIGH N/A
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2007-3999 1 Mit 1 Kerberos 5 2020-01-21 10.0 HIGH N/A
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
CVE-2007-4000 1 Mit 1 Kerberos 5 2020-01-21 8.5 HIGH N/A
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
CVE-2007-4743 1 Mit 1 Kerberos 5 2020-01-21 10.0 HIGH N/A
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
CVE-2007-5972 1 Mit 1 Kerberos 5 2020-01-21 9.0 HIGH N/A
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.
CVE-2008-0947 1 Mit 1 Kerberos 5 2020-01-21 10.0 HIGH N/A
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
CVE-2009-0844 1 Mit 2 Kerberos, Kerberos 5 2020-01-21 5.8 MEDIUM N/A
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.
CVE-2009-0845 1 Mit 2 Kerberos, Kerberos 5 2020-01-21 5.0 MEDIUM N/A
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.
CVE-2009-3295 1 Mit 1 Kerberos 5 2020-01-21 5.0 MEDIUM N/A
The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.
CVE-2009-4212 1 Mit 2 Kerberos, Kerberos 5 2020-01-21 10.0 HIGH N/A
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
CVE-2010-0283 1 Mit 2 Kerberos, Kerberos 5 2020-01-21 7.8 HIGH N/A
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
CVE-2010-0628 1 Mit 1 Kerberos 5 2020-01-21 5.0 MEDIUM N/A
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
CVE-2010-0629 1 Mit 2 Kerberos, Kerberos 5 2020-01-21 4.0 MEDIUM N/A
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
CVE-2010-1320 1 Mit 1 Kerberos 5 2020-01-21 4.0 MEDIUM N/A
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
CVE-2010-4021 1 Mit 1 Kerberos 5 2020-01-21 2.1 LOW N/A
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
CVE-1999-0143 3 Mit, Process Software, Sun 4 Kerberos, Kerberos 5, Multinet and 1 more 2020-01-21 4.6 MEDIUM N/A
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.
CVE-1999-0713 4 Cde, Digital, Mit and 1 more 4 Cde, Unix, Kerberos 5 and 1 more 2020-01-21 7.2 HIGH N/A
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.
CVE-2002-0036 1 Mit 1 Kerberos 5 2020-01-21 5.0 MEDIUM N/A
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.
CVE-2003-0058 2 Mit, Sun 4 Kerberos 5, Enterprise Authentication Mechanism, Solaris and 1 more 2020-01-21 5.0 MEDIUM N/A
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
CVE-2003-0059 1 Mit 1 Kerberos 5 2020-01-21 7.5 HIGH N/A
Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.
CVE-2003-0060 1 Mit 1 Kerberos 5 2020-01-21 7.5 HIGH N/A
Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.
CVE-2007-3149 2 Mit, Todd Miller 2 Kerberos 5, Sudo 2020-01-21 7.2 HIGH N/A
sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."
CVE-2007-5894 1 Mit 1 Kerberos 5 2020-01-21 9.3 HIGH N/A
** DISPUTED ** The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code."
CVE-2007-5902 1 Mit 1 Kerberos 5 2020-01-21 10.0 HIGH N/A
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
CVE-2008-0948 1 Mit 1 Kerberos 5 2020-01-21 9.3 HIGH N/A
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
CVE-2015-3151 1 Redhat 1 Automatic Bug Reporting Tool 2020-01-21 7.2 HIGH 7.8 HIGH
Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.
CVE-2015-3159 1 Redhat 1 Automatic Bug Reporting Tool 2020-01-21 7.2 HIGH 7.8 HIGH
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.
CVE-2015-1869 1 Redhat 1 Automatic Bug Reporting Tool 2020-01-21 7.2 HIGH 7.8 HIGH
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
CVE-2019-16466 1 Adobe 1 Experience Manager 2020-01-21 4.3 MEDIUM 6.1 MEDIUM
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2020-6955 1 Cayintech 2 Smp-pro4, Smp-pro4 Firmware 2020-01-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS.
CVE-2020-7107 1 Etoilewebdesign 1 Ultimate Faq 2020-01-21 4.3 MEDIUM 6.1 MEDIUM
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.
CVE-2015-6907 2020-01-21 N/A N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2020-6629 1 Libming 1 Libming 2020-01-21 4.3 MEDIUM 6.5 MEDIUM
Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c.
CVE-2016-6591 1 Symantec 1 Norton App Lock 2020-01-21 3.3 LOW 7.1 HIGH
A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.
CVE-2020-6628 1 Libming 1 Libming 2020-01-21 6.8 MEDIUM 8.8 HIGH
Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.
CVE-2011-5247 1 Prophecyinternational 1 Snare 2020-01-21 5.0 MEDIUM 7.5 HIGH
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword.
CVE-2016-6590 1 Symantec 4 Encryption Desktop, Endpoint Encryption, Ghost Solution Suite and 1 more 2020-01-21 4.4 MEDIUM 7.8 HIGH
A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code.
CVE-2019-16271 1 Dten 4 D5, D5 Firmware, D7 and 1 more 2020-01-21 5.0 MEDIUM 5.3 MEDIUM
DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read saved whiteboard image PDF documents via storage/emulated/0/Notes/PDF on TCP port 8080 without authentication.
CVE-2018-21015 1 Gpac 1 Gpac 2020-01-20 4.3 MEDIUM 6.5 MEDIUM
AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.
CVE-2018-21016 1 Gpac 1 Gpac 2020-01-20 4.3 MEDIUM 6.5 MEDIUM
audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2019-13618 1 Gpac 1 Gpac 2020-01-20 5.0 MEDIUM 7.5 HIGH
In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c.
CVE-2019-20161 1 Gpac 1 Gpac 2020-01-20 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c.