CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9772
https://notcve.org/view.php?id=CVE-2016-9772
06 Feb 2017 — OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. OpenAFS 1.6.19 y versiones anteriores permiten a atacantes remotos obtener información de directorio sensible a través de vectores que implican (1) la partición de caché de cliente, (2) partición del servidor de archivos vice o (3) ciertas respuestas de RPC. • http://www.openwall.com/lists/oss-security/2016/12/02/9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4536
https://notcve.org/view.php?id=CVE-2016-4536
13 May 2016 — The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. El cliente en OpenAFS en versiones anteriores a 1.6.17 no inicializa adecuadamente las estructuras (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes y (4) ListAddrByAttributes, lo que podría pe... • https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2860 – Debian Security Advisory 3569-1
https://notcve.org/view.php?id=CVE-2016-2860
05 May 2016 — The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. La función newEntry en ptserver/ptprocs.c en OpenAFS en versiones anteriores a 1.6.17 permite a usuarios remotos autenticados de dominios Kerberos ajenos eludir las restricciones destinadas al acceso y crear grupos arbitrarios como administradores ap... • http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8312 – Debian Security Advisory 3569-1
https://notcve.org/view.php?id=CVE-2015-8312
05 May 2016 — Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. Error por un paso en afs_pioctl.c en OpenAFS en versiones anteriores a 1.6.16 podría permitir a usuarios locales provocar una denegación de servicio (sobrescritura de memoria y caída de sistema) a través de un pioctl con un tamaño de buffer de entrada de 4096 bytes. Two vulnerabilities were discovered in opena... • http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=2ef863720da4d9f368aaca0461c672a3008195ca • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2015-7762 – Debian Security Advisory 3387-1
https://notcve.org/view.php?id=CVE-2015-7762
02 Nov 2015 — rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. rx/rx.c en OpenAFS en versiones anteriores a 1.6.15 y 1.7.x en versiones anteriores a 1.7.33 no inicializa adecuadamente el relleno de una estructura de datos cuando construye un paquete de reconocimiento (ACK) Rx, ... • http://www.debian.org/security/2015/dsa-3387 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0CVE-2015-7763 – Debian Security Advisory 3387-1
https://notcve.org/view.php?id=CVE-2015-7763
02 Nov 2015 — rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. rx/rx.c en OpenAFS 1.5.75 hasta la versión 1.5.78, 1.6.x en vesiones anteriores a 1.6.15 y 1.7.x en versiones anteriores a 1.7.33 no inicializa adecuadamente el relleno en el final de un paquete de reconocimiento ... • http://www.debian.org/security/2015/dsa-3387 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 81EXPL: 0CVE-2013-4134 – Mandriva Linux Security Advisory 2014-244
https://notcve.org/view.php?id=CVE-2013-4134
29 Jul 2013 — OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. OpenAFS anterior a 1.4.15, 1.6.x anterior a 1.6.5 y 1.7.x anterior a 1.7.26 utiliza cifrado débil (DES) para las claves de Kerberos, lo que hace que sea más fácil para los atacantes remotos para obtener la clave de servicio. Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to... • http://www.debian.org/security/2013/dsa-2729 • CWE-310: Cryptographic Issues •