Vulnerabilities > Openafs > Openafs > 1.6.20.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-29 | CVE-2019-18603 | Use of Uninitialized Resource vulnerability in multiple products OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. | 4.3 |
| 2019-10-29 | CVE-2019-18602 | Use of Uninitialized Resource vulnerability in multiple products OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. | 5.0 |
| 2019-10-29 | CVE-2019-18601 | Deserialization of Untrusted Data vulnerability in Openafs OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler. | 5.0 |
| 2018-09-12 | CVE-2018-16949 | Resource Exhaustion vulnerability in multiple products An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. | 5.0 |
| 2018-09-12 | CVE-2018-16948 | Information Exposure vulnerability in multiple products An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. | 5.0 |
| 2018-09-12 | CVE-2018-16947 | Improper Authentication vulnerability in multiple products An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. | 7.5 |
| 2017-12-06 | CVE-2017-17432 | Reachable Assertion vulnerability in multiple products OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. | 7.8 |