mit

160 tracked vulnerabilities.

CVE-2026-40356 MEDIUM
MIT Kerberos 5 1.18-<1.22.3 - Unauthenticated Integer Underflow via NegoEx Mechanism
Apr 28, 2026
CVSS 5.9
EPSS 0.00

CVE-2026-40355 MEDIUM
MIT Kerberos 5 1.18-<1.22.3 - Unauthenticated NULL Pointer Dereference via NegoEx Mechanism
Apr 28, 2026
CVSS 5.9
EPSS 0.00

CVE-2025-24528 HIGH
MIT Kerberos <1.22 - Privilege Escalation
Jan 16, 2026
CVSS 7.1
EPSS 0.00

CVE-2024-37371 CRITICAL
MIT Kerberos 5 < 1.21.3 - Out-of-bounds Read via GSS Message Token Length Field
Jun 28, 2024
CVSS 9.1
EPSS 0.03

CVE-2024-37370 HIGH
MIT Kerberos 5 < 1.21.3 - Insufficient Verification of Data Authenticity in GSS krb5 Wrap Token
Jun 28, 2024
CVSS 7.5
EPSS 0.01

CVE-2024-26462 MEDIUM
MIT Kerberos 5 1.21.2 - Memory Leak in NDR Component
Feb 29, 2024
CVSS 5.5
EPSS 0.00

CVE-2024-26461 HIGH
MIT Kerberos 5 1.21.2 - Memory Leak in k5sealv3.c
Feb 29, 2024
CVSS 7.5
EPSS 0.00

CVE-2024-26458 MEDIUM
MIT Kerberos 5 1.21.2 - Memory Leak in PMAP_RMT
Feb 29, 2024
CVSS 5.3
EPSS 0.00

CVE-2023-39975 HIGH
MIT Kerberos 5 1.21-<1.21.2 - Authenticated Double Free in Authorization-Data Handling
Aug 16, 2023
CVSS 8.8
EPSS 0.01

CVE-2023-36054 MEDIUM
MIT Kerberos 5 <1.20.2, <1.21.1 - Use After Free
Aug 07, 2023
CVSS 6.5
EPSS 0.01

CVE-2022-42898 HIGH
MIT Kerberos 5 < 1.19.4/1.20.x < 1.20.1 - RCE & DoS via PAC Parsing Integer Overflow
Dec 25, 2022
CVSS 8.8
EPSS 0.08

CVE-2022-39028 HIGH
GNU Inetutils <2.3 - Buffer Overflow
Aug 30, 2022
CVSS 7.5
EPSS 0.00

CVE-2021-37750 MEDIUM
MIT Kerberos 5 < 1.18.5 and 1.19.x < 1.19.3 - NULL Pointer Dereference in KDC FAST Inner Body
Aug 23, 2021
CVSS 6.5
EPSS 0.01

CVE-2021-36222 HIGH
MIT Kerberos <1.18.4, <1.19.2 - Use After Free
Jul 22, 2021
CVSS 7.5
EPSS 0.07

CVE-2021-32471 HIGH
MIT Universal Turing Machine - Remote Code Execution via Crafted Input
May 10, 2021
CVSS 7.8
EPSS 0.03

CVE-2020-27428 MEDIUM
Scratch-Svg-Renderer 0.2.0 - DOM-based Cross-Site Scripting via Crafted SB3 File
Jan 06, 2022
CVSS 6.1
EPSS 0.00

CVE-2020-28196 HIGH
MIT Kerberos <1.17.2, <1.18.x-1.18.3 - RCE
Nov 06, 2020
CVSS 7.5
EPSS 0.00

CVE-2020-7750 CRITICAL
scratch-svg-renderer < 0.2.0-prerelease.20201019174008 - Cross-Site Scripting via SVG Injection in loadString
Oct 21, 2020
CVSS 9.6
EPSS 0.06

CVE-2020-14000 CRITICAL
MIT Scratch scratch-vm < 0.2.0-prerelease.20200714185213 - RCE via Untrusted Project JSON Extension URL
Jul 16, 2020
CVSS 9.8
EPSS 0.07

CVE-2019-25018 HIGH
MIT krb5-appl < 1.0.3 - Unauthenticated Directory Permissions Modification via Malicious Filename
Feb 02, 2021
CVSS 7.5
EPSS 0.00

CVE-2019-25017 MEDIUM
MIT krb5-appl <1.0.3 - Code Injection
Feb 02, 2021
CVSS 5.9
EPSS 0.01

CVE-2019-14844 HIGH
MIT Kerberos 5 1.16.1-1.17.x - Denial of Service via RFC 4556 Enctype
Sep 26, 2019
CVSS 7.5
EPSS 0.12

CVE-2018-20217 MEDIUM
MIT Kerberos < 1.17 - Denial of Service via S4U2Self Request with Older Encryption Type
Dec 26, 2018
CVSS 5.3
EPSS 0.02

CVE-2018-5730 LOW
MIT krb5 1.6+ - Privilege Escalation
Mar 06, 2018
CVSS 3.8
EPSS 0.00

CVE-2018-5729 MEDIUM
MIT Kerberos 5 >= 1.6 - Authenticated Denial of Service via Tagged Data in LDAP Database Module
Mar 06, 2018
CVSS 4.7
EPSS 0.00