The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Max CVSS
7.5
EPSS Score
1.66%
Published
2008-03-19
Updated
2024-02-09
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
Max CVSS
9.3
EPSS Score
0.71%
Published
2008-01-18
Updated
2020-11-20
2 vulnerabilities found