Skip to main content
CVE-2014-8165 CRITICAL Act Now

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python Powerpc Utils
NVD
CVSS 2.0
10.0
EPSS
5.3%
CVE-2014-5352 CRITICAL PATCH Act Now

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Kerberos 5
NVD GitHub
CVSS 2.0
9.0
EPSS
5.4%
CVE-2014-9421 CRITICAL Act Now

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Denial Of Service Kerberos 5
NVD GitHub
CVSS 2.0
9.0
EPSS
5.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy