Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openafs openafs vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-4536
The client in OpenAFS prior to 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote malicious users to obtain sensitive memory information by leveraging ac...
Openafs Openafs
5
CVSSv2
CVE-2014-4044
OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote malicious users to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests.
Openafs Openafs 1.6.8
5
CVSSv2
CVE-2019-18602
OpenAFS prior to 1.6.24 and 1.8.x prior to 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
Openafs Openafs
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2019-18603
OpenAFS prior to 1.6.24 and 1.8.x prior to 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
Openafs Openafs
Debian Debian Linux 8.0
4
CVSSv2
CVE-2016-2860
The newEntry function in ptserver/ptprocs.c in OpenAFS prior to 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
Openafs Openafs
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2007-6599
Race condition in fileserver in OpenAFS 1.3.50 up to and including 1.4.5 and 1.5.0 up to and including 1.5.27 allows remote malicious users to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the Giv...
Openafs Openafs
Debian Debian Linux 3.1
Debian Debian Linux 4.0
4
CVSSv2
CVE-2015-6587
The vlserver in OpenAFS prior to 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
Openafs Openafs
Debian Debian Linux 7.0
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2018-16947
An issue exists in OpenAFS prior to 1.6.23 and 1.8.x prior to 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator cred...
Openafs Openafs
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2018-16948
An issue exists in OpenAFS prior to 1.6.23 and 1.8.x prior to 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server...
Openafs Openafs
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2018-16949
An issue exists in OpenAFS prior to 1.6.23 and 1.8.x prior to 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large...
Openafs Openafs
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »