Known Vulnerabilities for products from Openafs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openafs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-18603 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitiali... | 5.9 - MEDIUM | 2019-10-29 | 2022-01-01 |
| CVE-2019-18602 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalar... | 7.5 - HIGH | 2019-10-29 | 2022-01-01 |
| CVE-2019-18601 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attac... | 7.5 - HIGH | 2019-10-29 | 2019-11-06 |
| CVE-2018-16949 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were ... | 7.5 - HIGH | 2018-09-12 | 2019-03-07 |
| CVE-2018-16948 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize... | 7.5 - HIGH | 2018-09-12 | 2018-11-19 |
| CVE-2018-16947 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts in... | 9.8 - CRITICAL | 2018-09-12 | 2019-10-03 |
| CVE-2017-17432 | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of servi... | 7.5 - HIGH | 2017-12-06 | 2019-10-03 |
| CVE-2016-9772 | OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) cl... | 5.3 - MEDIUM | 2017-02-06 | 2017-02-08 |
| CVE-2016-4536 | The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbLi... | 5.3 - MEDIUM | 2016-05-13 | 2016-05-19 |
| CVE-2016-2860 | The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos ... | 6.5 - MEDIUM | 2016-05-13 | 2023-11-07 |
| CVE-2015-8312 | Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwr... | 7.8 - HIGH | 2016-05-13 | 2023-11-07 |
| CVE-2015-7763 | rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding a... | 5 - MEDIUM | 2015-11-06 | 2016-12-07 |
| CVE-2015-7762 | rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when co... | 5 - MEDIUM | 2015-11-06 | 2016-12-07 |
| CVE-2015-6587 | The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and ... | 4 - MEDIUM | 2015-09-02 | 2015-09-02 |
| CVE-2015-3286 | Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (pan... | 4.6 - MEDIUM | 2015-08-12 | 2017-09-21 |
| CVE-2015-3285 | The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which ... | 2.1 - LOW | 2015-08-12 | 2017-09-21 |
| CVE-2015-3284 | pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. | 2.1 - LOW | 2015-08-12 | 2017-09-21 |
| CVE-2015-3283 | OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. | 6.8 - MEDIUM | 2015-08-12 | 2017-09-21 |
| CVE-2015-3282 | vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the networ... | 4.3 - MEDIUM | 2015-08-12 | 2017-09-21 |
| CVE-2014-4044 | OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of se... | 5 - MEDIUM | 2014-06-17 | 2023-11-07 |
Known software with vulnerabilities from Openafs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Openafs | Openafs | 1.0 |