CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 1CVE-2021-32471
https://notcve.org/view.php?id=CVE-2021-32471
10 May 2021 — Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications." Una comprobación insuficiente de la entrada en la implementación de Marvin Minsky 1967 de Universal Turing Machine, permite a usua... • https://github.com/intrinsic-propensity/turing-machine • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2019-25017
https://notcve.org/view.php?id=CVE-2019-25017
02 Feb 2021 — An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate... • https://bugzilla.suse.com/show_bug.cgi?id=1131109 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-25018
https://notcve.org/view.php?id=CVE-2019-25018
02 Feb 2021 — In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. En el cliente rcp en MI... • https://bugzilla.suse.com/show_bug.cgi?id=1131109 •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-28196 – krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS
https://notcve.org/view.php?id=CVE-2020-28196
06 Nov 2020 — MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. MIT Kerberos versión 5 (también se conoce como krb5) versiones anteriores a 1.17.2 y versiones 1.18.x anteriores a 1.18.3, permite una recursividad ilimitada por medio de un mensaje Kerberos codificado en ASN.1 porque el soporte de la biblioteca lib/krb5 /asn.1/asn1_encode.c para ... • https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd • CWE-674: Uncontrolled Recursion •
CVSS: 9.6EPSS: 7%CPEs: 86EXPL: 2CVE-2020-7750 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2020-7750
21 Oct 2020 — This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function. Esto afecta al paquete scratch-svg-renderer versiones anteriores a 0.2.0-prerelease.20201019174008. La función loadString no escapa un SVG apropiadamente, que se puede usar para inyectar elementos arbitrarios en el DOM por medio de la función _transformMeasurements • https://www.exploit-db.com/exploits/50079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 1CVE-2020-14000
https://notcve.org/view.php?id=CVE-2020-14000
16 Jul 2020 — MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code is getExtensionIdForOpcode in serialization/sb3.js. The use of _ is incompatible with a protection mechanism in older versions, in which URLs were split and consequently deserialization attacks were prevented. NO... • https://github.com/ossf-cve-benchmark/CVE-2020-14000 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 16%CPEs: 4EXPL: 0CVE-2019-14844
https://notcve.org/view.php?id=CVE-2019-14844
26 Sep 2019 — A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC. Se encontró un fallo en Fedora versiones de krb5 desde 1.16.1 hasta 1.17.x (incluyéndola), en la manera en que un cliente de Kerberos podría bloquear el KDC mediante el envío de uno de los "enctypes" 4556 de RFC. Un usuario no autenticado remoto podría utilizar este fallo ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14844 • CWE-628: Function Call with Incorrectly Specified Arguments •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 0CVE-2018-20217 – Ubuntu Security Notice USN-5828-1
https://notcve.org/view.php?id=CVE-2018-20217
26 Dec 2018 — A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. Se ha descubierto un problema de aserción alcanzable en el KDC en MIT Kerberos 5 (también conocido como krb5), en versiones anteriores a la 1.17. Si un atacante puede obtener un ticket krbtgt mediante un tipo de cifrado más antiguo (DES, Triple DE... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7562 – krb5: Authentication bypass by improper validation of certificate EKU and SAN
https://notcve.org/view.php?id=CVE-2017-7562
11 Apr 2018 — An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. Se ha encontrado un error de omisión de autenticación en la forma en que la interfaz de certauth de krb5 en versiones anteriores a la 1.16.1 gestionaba la validación de los certificados de cliente. Un atacante remot... • http://www.securityfocus.com/bid/100511 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-5729 – krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data
https://notcve.org/view.php?id=CVE-2018-5729
06 Mar 2018 — MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. MIT krb5, en versiones 1.6 o posteriores, permite que un kadmin autenticado con permiso para añadir entidades de seguridad a una base de datos LDAP Kerberos provoque una denegación de servicio (desreferencia de puntero NULL) u omita una compro... • http://www.securitytracker.com/id/1042071 • CWE-476: NULL Pointer Dereference •