Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-18603 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2022-01-01 | 4.3 MEDIUM | 5.9 MEDIUM | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. |
| CVE-2016-9772 | 1 Openafs | 1 Openafs | 2017-02-08 | 5.0 MEDIUM | 5.3 MEDIUM | OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. |
| CVE-2016-2860 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2016-05-19 | 4.0 MEDIUM | 6.5 MEDIUM | The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. |
| CVE-2016-4536 | 1 Openafs | 1 Openafs | 2016-05-19 | 5.0 MEDIUM | 5.3 MEDIUM | The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. |
