Page 5 of 36 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. Vulnerabilidad en OpenAFS en versiones anteriores a 1.6.13, permite a atacantes remotos suplantar comandos bos a través de vectores no especificados. • http://www.debian.org/security/2015/dsa-3320 http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt http://www.securitytracker.com/id/1033262 https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. Vulnerabilidad en vos en OpenAFS en versiones anteriores a 1.6.13, cuando se actualizan las entradas VLDB, permite a atacantes remotos obtener información de la pila de memoria rastreando la red. • http://www.debian.org/security/2015/dsa-3320 http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt http://www.securitytracker.com/id/1033262 https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests. OpenAFS versión 1.6.8, no limpia apropiadamente los campos en la estructura del host, lo que permite a los atacantes remotos causar una denegación de servicio (acceso a la memoria no inicializada y bloqueo) por medio de vectores no especificados relacionados con peticiones TMAY. • http://gerrit.openafs.org/#change%2C11283 http://www.openwall.com/lists/oss-security/2014/06/12/1 http://www.openwall.com/lists/oss-security/2014/06/13/3 http://www.securityfocus.com/bid/68003 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet. OpenAFS anterior a 1.6.7 retrasa el hilo de escucha cuando falla un RXS_CheckResponse, lo que permite a atacantes remotos causar una denegación de servicio (degradación de rendimiento) a través de un paquete invalido. • http://www.debian.org/security/2014/dsa-2899 http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 30%CPEs: 19EXPL: 0

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument. Desbordamiento de buffer en la llamada de procedimientos remotos (RPC) GetStatistics64 en OpenAFS 1.4.8 anterior a 1.6.7 permite a atacantes remotos causar una denegación de servicio (caída) a través de un argumento statsVersion manipulado. • http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt http://secunia.com/advisories/57779 http://secunia.com/advisories/57832 http://www.debian.org/security/2014/dsa-2899 http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •