Known Vulnerabilities for products from Openafs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openafs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-18603 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitiali... | 5.9 - MEDIUM | 2019-10-29 | 2022-01-01 |
| CVE-2019-18602 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalar... | 7.5 - HIGH | 2019-10-29 | 2022-01-01 |
| CVE-2019-18601 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attac... | 7.5 - HIGH | 2019-10-29 | 2019-11-06 |
| CVE-2018-16949 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were ... | 7.5 - HIGH | 2018-09-12 | 2019-03-07 |
| CVE-2018-16948 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize... | 7.5 - HIGH | 2018-09-12 | 2018-11-19 |
| CVE-2018-16947 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts in... | 9.8 - CRITICAL | 2018-09-12 | 2019-10-03 |
| CVE-2017-17432 | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of servi... | 7.5 - HIGH | 2017-12-06 | 2019-10-03 |
| CVE-2016-9772 | OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) cl... | 5.3 - MEDIUM | 2017-02-06 | 2017-02-08 |
| CVE-2016-4536 | The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbLi... | 5.3 - MEDIUM | 2016-05-13 | 2016-05-19 |
| CVE-2016-2860 | The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos ... | 6.5 - MEDIUM | 2016-05-13 | 2023-11-07 |
| CVE-2015-8312 | Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwr... | 7.8 - HIGH | 2016-05-13 | 2023-11-07 |
| CVE-2015-7763 | rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding a... | 5 - MEDIUM | 2015-11-06 | 2016-12-07 |
| CVE-2015-7762 | rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when co... | 5 - MEDIUM | 2015-11-06 | 2016-12-07 |
| CVE-2015-6587 | The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and ... | 4 - MEDIUM | 2015-09-02 | 2015-09-02 |
| CVE-2015-3286 | Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (pan... | 4.6 - MEDIUM | 2015-08-12 | 2017-09-21 |
| CVE-2015-3285 | The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which ... | 2.1 - LOW | 2015-08-12 | 2017-09-21 |
| CVE-2015-3284 | pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. | 2.1 - LOW | 2015-08-12 | 2017-09-21 |
| CVE-2015-3283 | OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. | 6.8 - MEDIUM | 2015-08-12 | 2017-09-21 |
| CVE-2015-3282 | vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the networ... | 4.3 - MEDIUM | 2015-08-12 | 2017-09-21 |
| CVE-2014-4044 | OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of se... | 5 - MEDIUM | 2014-06-17 | 2023-11-07 |
Known software with vulnerabilities from Openafs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Openafs | Openafs | 1.0 |