CVE-2016-9772
https://notcve.org/view.php?id=CVE-2016-9772
06 Feb 2017 — OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. • http://www.openwall.com/lists/oss-security/2016/12/02/9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4536
https://notcve.org/view.php?id=CVE-2016-4536
13 May 2016 — The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. • https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2860 – Debian Security Advisory 3569-1
https://notcve.org/view.php?id=CVE-2016-2860
05 May 2016 — The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. • http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0 • CWE-284: Improper Access Control
CVE-2015-8312 – Debian Security Advisory 3569-1
https://notcve.org/view.php?id=CVE-2015-8312
05 May 2016 — Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. Two vulnerabilities were discovered in opena... • http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=2ef863720da4d9f368aaca0461c672a3008195ca • CWE-189: Numeric Errors
CVE-2015-7762 – Debian Security Advisory 3387-1
https://notcve.org/view.php?id=CVE-2015-7762
02 Nov 2015 — rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. • http://www.debian.org/security/2015/dsa-3387 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7763 – Debian Security Advisory 3387-1
https://notcve.org/view.php?id=CVE-2015-7763
02 Nov 2015 — rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. • http://www.debian.org/security/2015/dsa-3387 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6587
https://notcve.org/view.php?id=CVE-2015-6587
02 Sep 2015 — The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. • http://www.debian.org/security/2015/dsa-3320 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3286
https://notcve.org/view.php?id=CVE-2015-3286
12 Aug 2015 — Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG. • http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3283 – Debian Security Advisory 3320-1
https://notcve.org/view.php?id=CVE-2015-3283
03 Aug 2015 — OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. It was discovered that OpenAFS, the implementation of the distributed filesystem AFS, contained several flaws that could result in information leak, denial-of-service or kernel panic. • http://www.debian.org/security/2015/dsa-3320 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-3285 – Debian Security Advisory 3320-1
https://notcve.org/view.php?id=CVE-2015-3285
03 Aug 2015 — The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command. • http://www.debian.org/security/2015/dsa-3320 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer