Openafs >> Openafs >> 1.4.9: Security Vulnerabilities
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2016-05-13
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
CVSS Score: 5.0; EPSS Score: 0.005; Published: 2015-11-06
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
CVSS Score: 4.0; EPSS Score: 0.007; Published: 2015-09-02
Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.
CVSS Score: 4.6; EPSS Score: 0.002; Published: 2015-08-12
The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
CVSS Score: 2.1; EPSS Score: 0.001; Published: 2015-08-12
pioctls in OpenAFS 1.6.x before 1.6.13 allow local users to read kernel memory via crafted commands.
CVSS Score: 2.1; EPSS Score: 0.001; Published: 2015-08-12
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.
CVSS Score: 6.8; EPSS Score: 0.007; Published: 2015-08-12
vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.
CVSS Score: 4.3; EPSS Score: 0.005; Published: 2015-08-12
OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.
CVSS Score: 5.0; EPSS Score: 0.005; Published: 2014-04-14
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
CVSS Score: 5.0; EPSS Score: 0.016; Published: 2014-04-14

