pkg:Debian/openafs
56 total CVEs: CRITICAL 5, HIGH 15, MEDIUM 6
All known vulnerabilities
- from 0, < 1.6.9-2+deb8u8
- from 0, < 1.6.20-2+deb9u2
- from 0, < 1.8.2-1
- from 0, < 1.2.3final2-6
- from 0, < 1.2.6-1
- HIGH 7.8 CVE-2024-10397: A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. (from 0, < 1.8.6-5+deb11u1)
- from 0, < 1.8.9-1+deb12u1
- from 0, < 1.8.6-5+deb11u1
- from 0, < 1.8.6-5+deb11u1
- from 0, < 1.6.17-1
- from 0, < 1.6.9-2+deb8u5
- from 0, < 1.6.1-3+deb7u6
- HIGH 7.5 CVE-2019-18602: OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent ove… (from 0, < 1.8.5-1)
- from 0, < 1.6.9-2+deb8u9
- from 0, < 1.8.5-1
- from 0, < 1.8.2-1
- from 0, < 1.8.2-1
- from 0, < 1.6.22-1
- from 0, < 1.6.20-2+deb9u1
- from 0, < 1.6.1-3+deb7u8
- MEDIUM 6.5 CVE-2024-10396: An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninit… (from 0, < 1.8.6-5+deb11u1)
- MEDIUM 6.5 CVE-2016-2860: The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypa… (from 0, < 1.6.17-1)
- MEDIUM 5.9 CVE-2019-18603: OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output… (from 0, < 1.8.5-1)
- from 0, < 1.6.1-3+deb7u7
- from 0, < 1.6.20-1
- MEDIUM 5.3 CVE-2016-4536: The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes… (from 0, < 1.6.17-1)
- — CVE-2015-7763: rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of a… (from 0, < 1.6.15-1)
- from 0, < 1.6.15-1
- from 0, < 1.6.1-3+deb7u5
- — CVE-2015-6587: The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a c… (from 0, < 1.6.13-1)
- — CVE-2015-3285: The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local u… (from 0, < 1.6.13-1)
- — CVE-2015-3284: pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. (from 0, < 1.6.13-1)
- — CVE-2015-3283: OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. (from 0, < 1.6.13-1)
- from 0, < 1.6.13-1
- from 0, < 1.4.12.1+dfsg-4+squeeze4
- from 0, < 1.6.1-3+deb7u3
- — CVE-2014-4044: OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uniniti… (from 0, < 1.6.9-1)
- — CVE-2014-2852: OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (… (from 0, < 1.6.7-1)
- from 0, < 1.4.12.1+dfsg-4+squeeze3
- from 0, < 1.6.7-1
- — CVE-2013-4135: The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartex… (from 0, < 1.6.5-1)
- from 0, < 1.6.5-1
- from 0, < 1.4.12.1+dfsg-4+squeeze2
- — CVE-2013-1795: Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the… (from 0, < 1.6.1-3)
- from 0, < 1.4.12.1+dfsg-4+squeeze1
- from 0, < 1.6.1-3
- — CVE-2011-0431: The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions… (from 0, < 1.4.14+dfsg-1)
- from 0, < 1.4.14+dfsg-1
- from 0, < 1.4.12.1+dfsg-4
- — CVE-2009-1251: Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allow… (from 0, < 1.4.10+dfsg1-1)
- from 0, < 1.4.2-6etch2
- from 0, < 1.4.10+dfsg1-1
- from 0, < 1.4.6.dfsg1-1
- from 0, < 1.4.2-6etch1
- from 0, < 1.4.2-6
- from 0, < 1.3.81-3sarge2