Openafs Openafs

36 CVEs affecting Openafs Openafs. Latest disclosed: 2024-11-14. Critical: 1, High: 8.

Top CVEs affecting Openafs Openafs
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2018-16947 | Critical | 9.8 | 2018-09-12 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (… |
| CVE-2024-10397 | High | 7.8 | 2024-11-14 | A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. |
| CVE-2024-10394 | High | 7.8 | 2024-11-14 | A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existin… |
| CVE-2015-8312 | High | 7.8 | 2016-05-13 | Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl… |
| CVE-2019-18602 | High | 7.5 | 2019-10-29 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a p… |
| CVE-2019-18601 | High | 7.5 | 2019-10-29 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Deb… |
| CVE-2018-16949 | High | 7.5 | 2018-09-12 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array typ… |
| CVE-2018-16948 | High | 7.5 | 2018-09-12 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before ret… |
| CVE-2017-17432 | High | 7.5 | 2017-12-06 | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application cr… |
| CVE-2024-10396 | Medium | 6.5 | 2024-11-14 | An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and… |
| CVE-2016-2860 | Medium | 6.5 | 2016-05-13 | The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access r… |
| CVE-2019-18603 | Medium | 5.9 | 2019-10-29 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent… |
| CVE-2016-9772 | Medium | 5.3 | 2017-02-06 | OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserv… |
| CVE-2016-4536 | Medium | 5.3 | 2016-05-13 | The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrBy… |
| CVE-2015-7763 | | | 2015-11-06 | rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement… |
| CVE-2015-7762 | | | 2015-11-06 | rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (… |
| CVE-2015-6587 | | | 2015-09-02 | The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expre… |
| CVE-2015-3286 | | | 2015-08-12 | Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have o… |
| CVE-2015-3285 | | | 2015-08-12 | The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a deni… |
| CVE-2015-3284 | | | 2015-08-12 | pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. |