CVE Tools

openafs

Operating Systemsoss-project

29

Cumulative CVEs

13

Monthly snapshots

#28

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting openafs.

CVE-2024-10397Preallocated buffer overflows in XDR responses7.8Nov 14, 2024
CVE-2024-10396Fileserver crash and possible information leak on StoreACL/FetchACL6.5Nov 14, 2024
CVE-2024-10394Theft of credentials in Unix client PAGs7.8Nov 14, 2024
CVE-2019-18602OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.7.5Oct 29, 2019
CVE-2019-18603OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.5.9Oct 29, 2019
CVE-2019-18601OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database serve...7.5Oct 29, 2019
CVE-2018-16949An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bi...7.5Sep 12, 2018
CVE-2018-16948An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from b...7.5Sep 12, 2018
CVE-2018-16947An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those ...9.8Sep 12, 2018
CVE-2017-17432OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrat...7.5Dec 6, 2017
CVE-2016-9772OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC ...5.3Feb 6, 2017
CVE-2016-4536The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might all...5.3May 13, 2016
CVE-2016-2860The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary group...6.5May 13, 2016
CVE-2015-8312Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.7.8May 13, 2016
CVE-2015-7763rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote att...5.0Nov 6, 2015