CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3284
https://notcve.org/view.php?id=CVE-2015-3284
pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. Vulnerabilidad en pioctls en OpenAFS 1.6.x en versiones anteriores a 1.6.13, permite a usuarios locales leer la memoria del kernel a través de comandos manipulados. • http://www.debian.org/security/2015/dsa-3320 http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt http://www.securitytracker.com/id/1033262 https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3283
https://notcve.org/view.php?id=CVE-2015-3283
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. Vulnerabilidad en OpenAFS en versiones anteriores a 1.6.13, permite a atacantes remotos suplantar comandos bos a través de vectores no especificados. • http://www.debian.org/security/2015/dsa-3320 http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt http://www.securitytracker.com/id/1033262 https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3282
https://notcve.org/view.php?id=CVE-2015-3282
vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. Vulnerabilidad en vos en OpenAFS en versiones anteriores a 1.6.13, cuando se actualizan las entradas VLDB, permite a atacantes remotos obtener información de la pila de memoria rastreando la red. • http://www.debian.org/security/2015/dsa-3320 http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt http://www.securitytracker.com/id/1033262 https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3285
https://notcve.org/view.php?id=CVE-2015-3285
The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command. Vulnerabilidad en el pioctl para el comando OSD FS en OpenAFS en versiones anteriores a 1.6.13, usa el puntero incorrecto cuando escribe los resultados del RPC, lo que permite a usuarios locales causar una denegación de servicio (corrupción de memoria y kernel panic) a través de un comando OSD FS manipulado. • http://www.debian.org/security/2015/dsa-3320 http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt http://www.securitytracker.com/id/1033262 https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 81EXPL: 0CVE-2013-4134
https://notcve.org/view.php?id=CVE-2013-4134
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. OpenAFS anterior a 1.4.15, 1.6.x anterior a 1.6.5 y 1.7.x anterior a 1.7.26 utiliza cifrado débil (DES) para las claves de Kerberos, lo que hace que sea más fácil para los atacantes remotos para obtener la clave de servicio. • http://www.debian.org/security/2013/dsa-2729 http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt • CWE-310: Cryptographic Issues •