Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nfs-utils vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-3689
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and manag...
Linux-nfs Nfs-utils
9.8
CVSSv3
CVE-2003-0252
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) prior to 1.0.4 allows remote malicious users to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
Linux-nfs Nfs-utils
NA
CVE-2011-1749
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils prior to 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a sma...
Linux-nfs Nfs-utils
Linux-nfs Nfs-utils 1.2.0
Linux-nfs Nfs-utils 1.2.1
Linux-nfs Nfs-utils 1.2.2
NA
CVE-2011-2500
The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils prior to 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote malicious users to mount filesystems by establishing crafted DNS A and PTR records.
Linux-nfs Nfs-utils 1.2.1
Linux-nfs Nfs-utils 1.2.0
Linux-nfs Nfs-utils
Linux-nfs Nfs-utils 1.2.2
NA
CVE-2013-1923
rpc-gssd in nfs-utils prior to 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote malicious users to read otherwise-restricted files via DNS spoofing attacks.
Linux-nfs Nfs-utils 1.2.2
Linux-nfs Nfs-utils 1.2.1
Linux-nfs Nfs-utils
Linux-nfs Nfs-utils 1.2.6
Linux-nfs Nfs-utils 1.2.5
Linux-nfs Nfs-utils 1.2.4
Linux-nfs Nfs-utils 1.2.3
Linux-nfs Nfs-utils 1.2.0
NA
CVE-2009-0180
Certain Fedora build scripts for nfs-utils prior to 1.1.2-9.fc9 on Fedora 9, and prior to 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote malicious users to bypass intended access restrictions, possibly a related issue to CVE-2008-1376.
Nfs Nfs-utils 0.2.1
Nfs Nfs-utils 1.0
Nfs Nfs-utils 1.0.3
Nfs Nfs-utils 1.0.8
Nfs Nfs-utils 1.0.12
Nfs Nfs-utils 0.3.1
Nfs Nfs-utils 1.0.1
Nfs Nfs-utils 1.0.4
Nfs Nfs-utils 1.1.0
Nfs Nfs-utils
Nfs Nfs-utils 0.3.3
Nfs Nfs-utils 0.2
Nfs Nfs-utils 1.0.7
Nfs Nfs-utils 1.0.11
Nfs Nfs-utils 1.0.10
Nfs Nfs-utils 1.0.9
Nfs Nfs-utils 1.0.6
Nfs Nfs-utils 1.0.2
Nfs Nfs-utils 1.1.1
Nfs Nfs-utils 1.1.2
Nfs Nfs-utils 1.1.3
NA
CVE-2008-4552
The good_client function in nfs-utils 1.0.9, and possibly other versions prior to 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote malicious users to bypass intended access restrictions.
Nfs Nfs-utils 0.3.1
Nfs Nfs-utils 0.2.1
Nfs Nfs-utils 1.0.3
Nfs Nfs-utils 1.0.6
Nfs Nfs-utils 1.0.8
Nfs Nfs-utils
Nfs Nfs-utils 0.2
Nfs Nfs-utils 1.0.2
Nfs Nfs-utils 1.0.7
Nfs Nfs-utils 1.0.11
Nfs Nfs-utils 1.0.12
Nfs Nfs-utils 1.0
Nfs Nfs-utils 0.3.3
Nfs Nfs-utils 1.0.9
Nfs Nfs-utils 1.0.10
Nfs Nfs-utils 1.0.1
Nfs Nfs-utils 1.0.4
Nfs Nfs-utils 1.1.0
Nfs Nfs-utils 1.1.1
NA
CVE-2008-1376
A certain Red Hat build script for nfs-utils prior to 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote malicious users to bypass intended access restrictions.
Redhat Nfs Utils 1.0.9
NA
CVE-2004-0946
rquotad in nfs-utils (rquota_server.c) prior to 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote malicious users to execute arbitrary code via a crafted NFS request.
Nfs Nfs-utils 1.0.1
Nfs Nfs-utils 1.0.2
Nfs Nfs-utils 1.0.6
Nfs Nfs-utils 1.0.3
Nfs Nfs-utils 1.0.4
Nfs Nfs-utils 1.0
Redhat Enterprise Linux Desktop 3.0
Redhat Enterprise Linux 3.0
NA
CVE-2004-1014
statd in nfs-utils 1.257 and previous versions does not ignore the SIGPIPE signal, which allows remote malicious users to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
Nfs Nfs-utils 1.0.6
Debian Debian Linux 3.0
Mandrakesoft Mandrake Linux 9.2
Mandrakesoft Mandrake Linux Corporate Server 2.1
Mandrakesoft Mandrake Linux 10.1
Redhat Enterprise Linux Desktop 3.0
Mandrakesoft Mandrake Linux 10.0
Redhat Enterprise Linux 3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »