Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0285

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Apr, 2011 | 00:00
Updated At-06 Aug, 2024 | 21:51
Rejected At-
Credits

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Apr, 2011 | 00:00
Updated At:06 Aug, 2024 | 21:51
Rejected At:
▼CVE Numbering Authority (CNA)

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/517484/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2011-0447.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/47310
vdb-entry
x_refsource_BID
http://secunia.com/advisories/44181
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id?1025320
vdb-entry
x_refsource_SECTRACK
https://hermes.opensuse.org/messages/8086843
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/44125
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/44196
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0997
vdb-entry
x_refsource_VUPEN
http://osvdb.org/71789
vdb-entry
x_refsource_OSVDB
http://www.vupen.com/english/advisories/2011/0936
vdb-entry
x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
vendor-advisory
x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2011/0986
vdb-entry
x_refsource_VUPEN
http://securityreason.com/securityalert/8200
third-party-advisory
x_refsource_SREASON
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
vendor-advisory
x_refsource_FEDORA
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
x_refsource_CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/517484/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0447.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/47310
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/44181
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1025320
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://hermes.opensuse.org/messages/8086843
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/44125
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/44196
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/0997
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://osvdb.org/71789
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.vupen.com/english/advisories/2011/0936
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.vupen.com/english/advisories/2011/0986
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://securityreason.com/securityalert/8200
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
Resource:
x_refsource_CONFIRM
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/517484/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
x_refsource_CONFIRM
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0447.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/47310
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/44181
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securitytracker.com/id?1025320
vdb-entry
x_refsource_SECTRACK
x_transferred
https://hermes.opensuse.org/messages/8086843
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/44125
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/44196
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2011/0997
vdb-entry
x_refsource_VUPEN
x_transferred
http://osvdb.org/71789
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.vupen.com/english/advisories/2011/0936
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.vupen.com/english/advisories/2011/0986
vdb-entry
x_refsource_VUPEN
x_transferred
http://securityreason.com/securityalert/8200
third-party-advisory
x_refsource_SREASON
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
x_refsource_CONFIRM
x_transferred
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/517484/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0447.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/47310
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/44181
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1025320
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://hermes.opensuse.org/messages/8086843
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/44125
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/44196
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0997
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://osvdb.org/71789
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0936
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0986
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://securityreason.com/securityalert/8200
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Apr, 2011 | 00:55
Updated At:29 Apr, 2026 | 01:13

The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.7
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.7.1
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.1
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.2
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.8.3
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
MIT (Massachusetts Institute of Technology)
mit
>>kerberos_5>>1.9
cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726cve@mitre.org
N/A
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899cve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.htmlcve@mitre.org
N/A
http://osvdb.org/71789cve@mitre.org
N/A
http://secunia.com/advisories/44125cve@mitre.org
N/A
http://secunia.com/advisories/44181cve@mitre.org
N/A
http://secunia.com/advisories/44196cve@mitre.org
N/A
http://securityreason.com/securityalert/8200cve@mitre.org
N/A
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txtcve@mitre.org
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:077cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2011-0447.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/517484/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/47310cve@mitre.org
N/A
http://www.securitytracker.com/id?1025320cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0936cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0986cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0997cve@mitre.org
N/A
https://hermes.opensuse.org/messages/8086843cve@mitre.org
N/A
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726af854a3a-2127-422b-91ae-364da2661108
N/A
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/71789af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44125af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44181af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44196af854a3a-2127-422b-91ae-364da2661108
N/A
http://securityreason.com/securityalert/8200af854a3a-2127-422b-91ae-364da2661108
N/A
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txtaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:077af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-0447.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/517484/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/47310af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1025320af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0936af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0986af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0997af854a3a-2127-422b-91ae-364da2661108
N/A
https://hermes.opensuse.org/messages/8086843af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/71789
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44125
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44181
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/44196
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/8200
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0447.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/517484/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47310
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025320
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0936
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0986
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0997
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://hermes.opensuse.org/messages/8086843
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621726
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://krbdev.mit.edu/rt/Ticket/Display.html?id=6899
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058181.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/71789
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44125
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44181
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/8200
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:077
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0447.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/517484/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47310
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025320
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0936
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0986
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0997
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://hermes.opensuse.org/messages/8086843
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

390Records found
CVE-2007-5902
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.00% / 88.48%
||
7 Day CHG~0.00%
Published-06 Dec, 2007 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CVE-2004-0523
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.93% / 96.30%
||
7 Day CHG~0.00%
Published-03 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

Action-Not Available
Vendor-tinysofan/aSun Microsystems (Oracle Corporation)Silicon Graphics, Inc.MIT (Massachusetts Institute of Technology)
Product-sunossolarisseampropackkerberoskerberos_5tinysofa_enterprise_servern/a
CVE-2003-0041
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.23% / 79.24%
||
7 Day CHG~0.00%
Published-01 Feb, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

Action-Not Available
Vendor-n/aRed Hat, Inc.Mandriva (Mandrakesoft)MIT (Massachusetts Institute of Technology)
Product-mandrake_linuxmandrake_multi_network_firewalllinuxkerberos_ftp_clientn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2002-1235
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-32.92% / 96.91%
||
7 Day CHG~0.00%
Published-25 Oct, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

Action-Not Available
Vendor-kthn/aDebian GNU/LinuxMIT (Massachusetts Institute of Technology)
Product-debian_linuxkerberos_5kth_kerberos_4kth_kerberos_5n/a
CVE-2001-0247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-35.17% / 97.06%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

Action-Not Available
Vendor-n/aOpenBSDNetBSDSilicon Graphics, Inc.MIT (Massachusetts Institute of Technology)FreeBSD Foundation
Product-irixfreebsdnetbsdkerberos_5openbsdn/a
CVE-2001-0554
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-16.67% / 94.96%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Action-Not Available
Vendor-netkitn/aOpenBSDDebian GNU/LinuxIBM CorporationSilicon Graphics, Inc.NetBSDMIT (Massachusetts Institute of Technology)FreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-debian_linuxsunosirixsolarisnetbsdfreebsdkerberosaixkerberos_5linux_netkitopenbsdn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2000-0389
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-11.01% / 93.47%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

Action-Not Available
Vendor-cygnusn/aRed Hat, Inc.MIT (Massachusetts Institute of Technology)
Product-linuxkerbnetcygnus_network_securitykerberoskerberos_5n/a
CVE-2000-0390
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.48% / 92.39%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

Action-Not Available
Vendor-cygnusn/aRed Hat, Inc.MIT (Massachusetts Institute of Technology)
Product-linuxkerbnetcygnus_network_securitykerberoskerberos_5n/a
CVE-2000-0391
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.48% / 92.39%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

Action-Not Available
Vendor-cygnusn/aRed Hat, Inc.MIT (Massachusetts Institute of Technology)
Product-linuxkerbnetcygnus_network_securitykerberoskerberos_5n/a
CVE-2011-4862
Matching Score-8
Assigner-FreeBSD
ShareView Details
Matching Score-8
Assigner-FreeBSD
CVSS Score-10||HIGH
EPSS-92.58% / 99.75%
||
7 Day CHG~0.00%
Published-25 Dec, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

Action-Not Available
Vendor-heimdal_projectn/aFreeBSD FoundationopenSUSEGNUMIT (Massachusetts Institute of Technology)SUSEDebian GNU/LinuxFedora Project
Product-debian_linuxlinux_enterprise_desktopfreebsdinetutilslinux_enterprise_serverfedorakrb5-appllinux_enterprise_software_development_kitheimdalopensusen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2009-4212
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-16.48% / 94.92%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberoskerberos_5n/a
CVE-2009-0846
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-50.01% / 97.84%
||
7 Day CHG~0.00%
Published-09 Apr, 2009 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Action-Not Available
Vendor-n/aCanonical Ltd.Apple Inc.MIT (Massachusetts Institute of Technology)Red Hat, Inc.Fedora Project
Product-enterprise_linux_eusubuntu_linuxmac_os_xkerberos_5enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopfedoraenterprise_linuxn/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2000-0514
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.93% / 76.17%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CVE-2008-0947
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-45.10% / 97.62%
||
7 Day CHG~0.00%
Published-19 Mar, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4743
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-20.25% / 95.54%
||
7 Day CHG~0.00%
Published-06 Sep, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3999
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-47.84% / 97.73%
||
7 Day CHG~0.00%
Published-05 Sep, 2007 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-2442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-42.57% / 97.49%
||
7 Day CHG~0.00%
Published-26 Jun, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxMIT (Massachusetts Institute of Technology)
Product-debian_linuxubuntu_linuxkerberos_5n/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2007-0956
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.75% / 96.28%
||
7 Day CHG+3.84%
Published-06 Apr, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxMIT (Massachusetts Institute of Technology)
Product-debian_linuxubuntu_linuxkerberos_5n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2002-2443
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-15.01% / 94.60%
||
7 Day CHG~0.00%
Published-29 May, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMIT (Massachusetts Institute of Technology)Red Hat, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxubuntu_linuxenterprise_linux_serverkerberos_5enterprise_linux_workstationenterprise_linux_desktopfedoraenterprise_linux_server_ausenterprise_linux_eusopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1417
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.54% / 67.76%
||
7 Day CHG~0.00%
Published-20 Nov, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-1015
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.23% / 79.29%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-4151
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.21% / 79.05%
||
7 Day CHG~0.00%
Published-20 Oct, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1529
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.38% / 85.05%
||
7 Day CHG~0.00%
Published-20 Oct, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1527
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.62% / 85.74%
||
7 Day CHG~0.00%
Published-20 Oct, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1528
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.46% / 90.23%
||
7 Day CHG~0.00%
Published-20 Oct, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1322
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.46% / 80.97%
||
7 Day CHG~0.00%
Published-07 Oct, 2010 | 20:21
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0283
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.73% / 88.04%
||
7 Day CHG~0.00%
Published-21 Feb, 2010 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberoskerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0845
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-19.31% / 95.40%
||
7 Day CHG~0.00%
Published-27 Mar, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberoskerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4022
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.99% / 92.64%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-32471
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-6.24% / 90.95%
||
7 Day CHG+0.80%
Published-10 May, 2021 | 04:49
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications."

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-universal_turing_machinen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-1030
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.93% / 83.48%
||
7 Day CHG~0.00%
Published-02 Jun, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-29.75% / 96.66%
||
7 Day CHG~0.00%
Published-07 Feb, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-backupexec_system_recoveryn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6176
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-7.54% / 91.85%
||
7 Day CHG~0.00%
Published-30 Nov, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.

Action-Not Available
Vendor-amensa-softn/a
Product-k\+b-bestellsystemn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-4561
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-16.69% / 94.96%
||
7 Day CHG~0.00%
Published-28 Aug, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.

Action-Not Available
Vendor-n/aRealNetworks LLC
Product-helix_dna_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0873
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-10||HIGH
EPSS-2.01% / 83.82%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2005-0050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-55.49% / 98.09%
||
7 Day CHG~0.00%
Published-08 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_2000windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1330
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-10||HIGH
EPSS-67.14% / 98.58%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sharepoint_servicessharepoint_portal_serversharepoint_foundationoffice_web_appssharepoint_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3573
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-1.11% / 78.27%
||
7 Day CHG~0.00%
Published-14 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-insight_diagnosticsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-1019
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.77% / 91.35%
||
7 Day CHG~0.00%
Published-22 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

Action-Not Available
Vendor-trustixopenpkgn/aUbuntuThe PHP Group
Product-openpkgphpsecure_linuxubuntu_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2004-0840
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-36.74% / 97.16%
||
7 Day CHG~0.00%
Published-16 Oct, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_serverwindows_xpwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6963
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.21% / 42.72%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 16:31
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mai700_firmwarecarescape_central_station_mas700carescape_central_station_mai700clinical_information_center_mp100dapexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100d_firmwareclinical_information_center_mp100r_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwareapexpro_telemetry_server_firmwareGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6557
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.19% / 84.46%
||
7 Day CHG~0.00%
Published-30 Mar, 2009 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command.

Action-Not Available
Vendor-puppetmastern/a
Product-webutiln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-6555
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.00% / 89.75%
||
7 Day CHG~0.00%
Published-30 Mar, 2009 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.

Action-Not Available
Vendor-puppetmastern/a
Product-webutiln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6476
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.42% / 62.16%
||
7 Day CHG~0.00%
Published-31 Jan, 2018 | 19:00
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.

Action-Not Available
Vendor-superantispywaren/a
Product-superantispywaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29499
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-88.62% / 99.52%
||
7 Day CHG~0.00%
Published-26 Apr, 2022 | 01:13
Updated-03 Nov, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-18||Apply updates per vendor instructions.

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.

Action-Not Available
Vendor-n/aMitel Networks Corp.
Product-mivoice_connectn/aMiVoice Connect
CWE ID-CWE-20
Improper Input Validation
CVE-2018-6298
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-9.8||CRITICAL
EPSS-3.22% / 87.12%
||
7 Day CHG~0.00%
Published-13 Mar, 2018 | 17:00
Updated-16 Sep, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote code execution in Hanwha Techwin Smartcams

Action-Not Available
Vendor-hanwha-securityHanwha Techwin
Product-snh-v6410pn_firmwaresnh-v6410pnsnh-v6410pnwsnh-v6410pnw_firmwareHanwha Techwin Smartcams
CWE ID-CWE-20
Improper Input Validation
CVE-2003-1425
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.68% / 87.97%
||
7 Day CHG~0.00%
Published-20 Oct, 2007 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-5447
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 61.43%
||
7 Day CHG~0.00%
Published-25 Jan, 2018 | 22:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system.

Action-Not Available
Vendor-nrecn/a
Product-pcs-9611pcs-9611_firmwareNari PCS-9611
CWE ID-CWE-20
Improper Input Validation
CVE-2018-4254
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 63.34%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2002-1874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.91% / 83.39%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect.

Action-Not Available
Vendor-astrocamn/a
Product-astrocamn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found