Known Vulnerabilities for products from Openafs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openafs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-18603 json | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitiali... | 5.9 - MEDIUM | 2019-10-29 | 2022-01-01 |
| CVE-2019-18602 json | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalar... | 7.5 - HIGH | 2019-10-29 | 2022-01-01 |
| CVE-2019-18601 json | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attac... | 7.5 - HIGH | 2019-10-29 | 2019-11-06 |
| CVE-2018-16949 json | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were ... | 7.5 - HIGH | 2018-09-12 | 2019-03-07 |
| CVE-2018-16948 json | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize... | 7.5 - HIGH | 2018-09-12 | 2018-11-19 |
| CVE-2018-16947 json | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts in... | 9.8 - CRITICAL | 2018-09-12 | 2019-10-03 |
| CVE-2017-17432 json | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of servi... | Not Provided | 2017-12-06 | 2025-04-20 |
| CVE-2016-9772 json | OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) cl... | Not Provided | 2017-02-06 | 2025-04-20 |
| CVE-2016-4536 json | The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbLi... | Not Provided | 2016-05-13 | 2026-05-06 |
| CVE-2016-2860 json | The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos ... | Not Provided | 2016-05-13 | 2026-05-06 |
| CVE-2015-8312 json | Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwr... | Not Provided | 2016-05-13 | 2026-05-06 |
| CVE-2015-7763 json | rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding a... | Not Provided | 2015-11-06 | 2026-05-06 |
| CVE-2015-7762 json | rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when co... | Not Provided | 2015-11-06 | 2026-05-06 |
| CVE-2015-6587 json | The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and ... | Not Provided | 2015-09-02 | 2026-05-06 |
| CVE-2015-3286 json | Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (pan... | Not Provided | 2015-08-12 | 2026-05-06 |
| CVE-2015-3285 json | The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which ... | Not Provided | 2015-08-12 | 2026-05-06 |
| CVE-2015-3284 json | pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. | Not Provided | 2015-08-12 | 2026-05-06 |
| CVE-2015-3283 json | OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. | Not Provided | 2015-08-12 | 2026-05-06 |
| CVE-2015-3282 json | vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the networ... | Not Provided | 2015-08-12 | 2026-05-06 |
| CVE-2014-4044 json | OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of se... | Not Provided | 2014-06-17 | 2026-05-06 |
Known software with vulnerabilities from Openafs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Openafs | Openafs | 1.0 |