Search CVE reports
1 – 10 of 32 results
CVE-2019-18603
Medium priority
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
1 affected package
openafs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openafs | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-18602
Medium priority
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
1 affected package
openafs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openafs | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2019-18601
Medium priority
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
1 affected package
openafs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openafs | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2018-16949
Medium priority
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An...
1 affected package
openafs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openafs | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2018-16948
Medium priority
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the...
1 affected package
openafs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openafs | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2018-16947
Medium priority
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results...
1 affected package
openafs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openafs | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2017-17432
Medium priority
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and...
1 affected package
openafs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openafs | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-9772
Medium priority
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
1 affected package
openafs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openafs | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-4536
Medium priority
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain...
1 affected package
openafs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openafs | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-2860
Medium priority
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging...
1 affected package
openafs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openafs | Not affected | Not affected | Not affected | Not affected | Vulnerable |