Vulnerabilities > Openafs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-13 | CVE-2015-8312 | Numeric Errors vulnerability in multiple products Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. | 7.8 |
| 2015-11-06 | CVE-2015-7763 | Information Exposure vulnerability in Openafs rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. | 5.0 |
| 2015-11-06 | CVE-2015-7762 | Information Exposure vulnerability in multiple products rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. | 5.0 |
| 2015-09-02 | CVE-2015-6587 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. | 4.0 |
| 2015-08-12 | CVE-2015-3286 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openafs Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG. | 4.6 |
| 2015-08-12 | CVE-2015-3285 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openafs The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command. | 2.1 |
| 2015-08-12 | CVE-2015-3284 | Information Exposure vulnerability in Openafs pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. | 2.1 |
| 2015-08-12 | CVE-2015-3283 | Permissions, Privileges, and Access Controls vulnerability in Openafs OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. | 6.8 |
| 2015-08-12 | CVE-2015-3282 | Information Exposure vulnerability in Openafs vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. | 4.3 |
| 2014-04-14 | CVE-2014-2852 | Improper Input Validation vulnerability in Openafs OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet. | 5.0 |