639 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-16948
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before...
Linux Distros Unpatched Vulnerability : CVE-2018-16949
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array type...
Linux Distros Unpatched Vulnerability : CVE-2019-18602
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a...
Linux Distros Unpatched Vulnerability : CVE-2016-4536
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttribute...
Linux Distros Unpatched Vulnerability : CVE-2017-17432
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application cras...
Linux Distros Unpatched Vulnerability : CVE-2015-8312
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl wit...
Linux Distros Unpatched Vulnerability : CVE-2016-2860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access...
Linux Distros Unpatched Vulnerability : CVE-2016-9772
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vi...
Linux Distros Unpatched Vulnerability : CVE-2018-16947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require or...
CVE-2024-10394
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...
CVE-2014-2852
OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet...
Debian: Security Advisory (DLA-4168-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 4168-1] openafs security update
Debian LTS Advisory DLA-4168-1 https://www.debian.org/lts/security/ Thorsten Alteholz May 17, 2025 https://wiki.debian.org/LTS...
Debian dla-4168 : libafsauthent2 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4168 advisory. - Debian LTS Advisory DLA-4168-2 https://www.debian.org/lts/security/...
DLA-4168-1 openafs - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2024-10394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing i...
Linux Distros Unpatched Vulnerability : CVE-2021-47366
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server. AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client...
Mageia: Security Advisory (MGASA-2025-0013)
The remote host is missing an update for the...
MGASA-2025-0013 Updated openafs packages fix security vulnerabilities
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client. (CVE-2024-10394) An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash. (CVE-2024-10396) A malicious server can crash the OpenAFS cac...
Updated openafs packages fix security vulnerabilities
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client. (CVE-2024-10394) An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash. (CVE-2024-10396) A malicious server can crash the OpenAFS cac...