Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openafs openafs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-47366
In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YF...
5
CVSSv2
CVE-2019-18601
OpenAFS prior to 1.6.24 and 1.8.x prior to 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
Openafs Openafs
5
CVSSv2
CVE-2019-18602
OpenAFS prior to 1.6.24 and 1.8.x prior to 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
Openafs Openafs
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2019-18603
OpenAFS prior to 1.6.24 and 1.8.x prior to 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
Openafs Openafs
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2018-16947
An issue exists in OpenAFS prior to 1.6.23 and 1.8.x prior to 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator cred...
Openafs Openafs
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2018-16948
An issue exists in OpenAFS prior to 1.6.23 and 1.8.x prior to 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server...
Openafs Openafs
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2018-16949
An issue exists in OpenAFS prior to 1.6.23 and 1.8.x prior to 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large...
Openafs Openafs
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.8
CVSSv2
CVE-2017-17432
OpenAFS 1.x prior to 1.6.22 does not properly validate Rx ack packets, which allows remote malicious users to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
Openafs Openafs
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2016-9772
OpenAFS 1.6.19 and previous versions allows remote malicious users to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
Openafs Openafs
5
CVSSv2
CVE-2016-4536
The client in OpenAFS prior to 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote malicious users to obtain sensitive memory information by leveraging ac...
Openafs Openafs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »