Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openafs openafs 1.6.9 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2017-17432
OpenAFS 1.x prior to 1.6.22 does not properly validate Rx ack packets, which allows remote malicious users to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
Openafs Openafs
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2016-9772
OpenAFS 1.6.19 and previous versions allows remote malicious users to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
Openafs Openafs
5
CVSSv2
CVE-2016-4536
The client in OpenAFS prior to 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote malicious users to obtain sensitive memory information by leveraging ac...
Openafs Openafs
5
CVSSv2
CVE-2015-7762
rx/rx.c in OpenAFS prior to 1.6.15 and 1.7.x prior to 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote malicious users to obtain sensitive information by (1) conducting a replay attack or...
Openafs Openafs 1.7.13
Openafs Openafs 1.7.14
Openafs Openafs 1.7.20
Openafs Openafs 1.7.21
Openafs Openafs 1.7.28
Openafs Openafs 1.7.29
Openafs Openafs
Openafs Openafs 1.7.1
Openafs Openafs 1.7.10
Openafs Openafs 1.7.17
Openafs Openafs 1.7.19
Openafs Openafs 1.7.24
Openafs Openafs 1.7.25
Openafs Openafs 1.7.4
Openafs Openafs 1.7.8
Openafs Openafs 1.7.15
Openafs Openafs 1.7.16
Openafs Openafs 1.7.22
Openafs Openafs 1.7.23
Openafs Openafs 1.7.3
Openafs Openafs 1.7.30
Openafs Openafs 1.7.31
5
CVSSv2
CVE-2015-7763
rx/rx.c in OpenAFS 1.5.75 up to and including 1.5.78, 1.6.x prior to 1.6.15, and 1.7.x prior to 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote malicious users to obtain sensitive information by (1) conducting a re...
Openafs Openafs 1.6.2
Openafs Openafs 1.6.3
Openafs Openafs 1.6.7
Openafs Openafs 1.6.8
Openafs Openafs 1.6.9
Openafs Openafs 1.7.10
Openafs Openafs 1.7.11
Openafs Openafs 1.7.18
Openafs Openafs 1.7.19
Openafs Openafs 1.7.26
Openafs Openafs 1.7.27
Openafs Openafs 1.7.8
Openafs Openafs 1.5.77
Openafs Openafs 1.5.78
Openafs Openafs 1.6.6
Openafs Openafs 1.6.5.1
Openafs Openafs 1.6.12
Openafs Openafs 1.6.13
Openafs Openafs 1.7.14
Openafs Openafs 1.7.15
Openafs Openafs 1.7.21
Openafs Openafs 1.7.22
4
CVSSv2
CVE-2015-6587
The vlserver in OpenAFS prior to 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
Openafs Openafs
Debian Debian Linux 7.0
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2015-3282
vos in OpenAFS prior to 1.6.13, when updating VLDB entries, allows remote malicious users to obtain stack data by sniffing the network.
Openafs Openafs
6.8
CVSSv2
CVE-2015-3283
OpenAFS prior to 1.6.13 allows remote malicious users to spoof bos commands via unspecified vectors.
Openafs Openafs
2.1
CVSSv2
CVE-2015-3285
The pioctl for the OSD FS command in OpenAFS prior to 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
Openafs Openafs
2.1
CVSSv2
CVE-2015-3284
pioctls in OpenAFS 1.6.x prior to 1.6.13 allows local users to read kernel memory via crafted commands.
Openafs Openafs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started