CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0CVE-2015-7763 – Debian Security Advisory 3387-1
https://notcve.org/view.php?id=CVE-2015-7763
02 Nov 2015 — rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. rx/rx.c en OpenAFS 1.5.75 hasta la versión 1.5.78, 1.6.x en vesiones anteriores a 1.6.15 y 1.7.x en versiones anteriores a 1.7.33 no inicializa adecuadamente el relleno en el final de un paquete de reconocimiento ... • http://www.debian.org/security/2015/dsa-3387 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 81EXPL: 0CVE-2013-4134 – Mandriva Linux Security Advisory 2014-244
https://notcve.org/view.php?id=CVE-2013-4134
29 Jul 2013 — OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. OpenAFS anterior a 1.4.15, 1.6.x anterior a 1.6.5 y 1.7.x anterior a 1.7.26 utiliza cifrado débil (DES) para las claves de Kerberos, lo que hace que sea más fácil para los atacantes remotos para obtener la clave de servicio. Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to... • http://www.debian.org/security/2013/dsa-2729 • CWE-310: Cryptographic Issues •