Vulnerabilities > Openafs

DATE CVE VULNERABILITY TITLE RISK
2019-10-29 CVE-2019-18603 Use of Uninitialized Resource vulnerability in multiple products
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
network
high complexity
openafs debian CWE-908
5.9
2019-10-29 CVE-2019-18602 Use of Uninitialized Resource vulnerability in multiple products
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
network
low complexity
openafs debian CWE-908
7.5
2019-10-29 CVE-2019-18601 Deserialization of Untrusted Data vulnerability in Openafs
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
network
low complexity
openafs CWE-502
7.5
2018-09-12 CVE-2018-16949 Resource Exhaustion vulnerability in multiple products
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2.
network
low complexity
openafs debian CWE-400
7.5
2018-09-12 CVE-2018-16948 Information Exposure vulnerability in multiple products
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2.
network
low complexity
openafs debian CWE-200
7.5
2018-09-12 CVE-2018-16947 Improper Authentication vulnerability in multiple products
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2.
network
low complexity
openafs debian CWE-287
critical
9.8
2017-12-06 CVE-2017-17432 Reachable Assertion vulnerability in multiple products
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
network
low complexity
openafs debian CWE-617
7.5
2017-02-06 CVE-2016-9772 Information Exposure vulnerability in Openafs
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
network
low complexity
openafs CWE-200
5.3
2016-05-13 CVE-2016-4536 Information Exposure vulnerability in Openafs
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.
network
low complexity
openafs CWE-200
5.3
2016-05-13 CVE-2016-2860 Improper Access Control vulnerability in multiple products
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
network
low complexity
openafs debian CWE-284
6.5