Lucene search

639 matches found

Cvelist
added 2024/11/14 7:7 p.m. · 24 views

CVE-2024-10394 Theft of credentials in Unix client PAGs

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...

8.4 CVSS · 0.00202 EPSS
Exploits 0 · References 2
CNNVD
added 2024/11/14 12:0 a.m. · 4 views

OpenAFS buffer error vulnerability

OpenAFS is an open source distributed file system that allows files and resources to be shared between systems over LANs and WANs. OpenAFS has a buffer error vulnerability: a malicious server could crash the cache manager and other client utilities...

7.8 CVSS · 7.1 AI score · 0.00406 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/11/14 12:0 a.m. · 4 views

PT-2024-16242 · Openafs +1

Name of the Vulnerable Software and Affected Versions: OpenAFS (affected versions not specified). Description: A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining...

8.4 CVSS · 5.6 AI score · 0.00563 EPSS
Exploits 0 · References 26
Positive Technologies
added 2024/11/14 12:0 a.m. · 3 views

PT-2024-16244 · Openafs +1

Name of the Vulnerable Software and Affected Versions: OpenAFS (affected versions not specified). Description: A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. Recommendations: At the moment, there is no information about a newer...

8.4 CVSS · 6.5 AI score · 0.00563 EPSS
Exploits 0 · References 24
CNNVD
added 2024/11/14 12:0 a.m. · 5 views

OpenAFS security vulnerability

OpenAFS is an open source distributed file system that allows files and resources to be shared between systems over LANs and WANs. A security vulnerability exists in OpenAFS: an authenticated user can provide an incorrectly formatted ACL to a file...

6.5 CVSS · 6.2 AI score · 0.00563 EPSS
Exploits 0 · References 6
OSV
added 2024/06/21 11:8 a.m. · 6 views

OESA-2024-1737 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server. AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client...

8.4 CVSS · 6.2 AI score · 0.02701 EPSS
Exploits 1 · References 49
OSV
added 2024/06/21 11:8 a.m. · 7 views

OESA-2024-1738 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server. AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client...

7.8 CVSS · 5.9 AI score · 0.02701 EPSS
Exploits 1 · References 43
OSV
added 2024/06/15 12:0 a.m. · 6 views

OPENSUSE-SU-2024:11113-1 openafs-1.8.8-1.13 on GA media

These are all security issues fixed in the openafs-1.8.8-1.13 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS · 8.6 AI score · 0.03075 EPSS
Exploits 0 · References 3
OSV
added 2024/05/21 3:15 p.m. · 16 views

CVE-2021-47366

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server. AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...

5.5 CVSS · 6.2 AI score
Exploits 0 · References 2
UbuntuCve
added 2024/05/21 3:15 p.m. · 36 views

CVE-2021-47366

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server. AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...

5.5 CVSS · 5.7 AI score · 0.00208 EPSS
Exploits 0 · References 4
Debian CVE
added 2024/05/21 3:3 p.m. · 22 views

CVE-2021-47366

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server. AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...

5.5 CVSS · 6.3 AI score · 0.00208 EPSS
Exploits 0
Vulnrichment
added 2024/05/21 3:3 p.m. · 25 views

CVE-2021-47366 afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server. AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...

6.8 AI score · 0.00208 EPSS
Exploits 0 · References 2
Cvelist
added 2024/05/21 3:3 p.m. · 29 views

CVE-2021-47366 afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server. AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...

6.4 AI score · 0.00208 EPSS
Exploits 0 · References 2
CVE
added 2024/05/21 3:3 p.m. · 103 views

CVE-2021-47366

Summary (CVE-2021-47366): In the Linux kernel AFS client, reads from an OpenAFS server could be corrupted when file positions or read lengths exceeded 2G, due to switching between FS.FetchData (signed 32-bit pos/len) and FS.FetchData64. The fix captures file server capabilities via...

5.5 CVSS · 6.7 AI score · 0.00208 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2024/05/21 12:0 a.m. · 6 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from corruption when reading at fpos 2G-4G from an OpenAFS server...

5.5 CVSS · 6.4 AI score · 0.00208 EPSS
Exploits 0 · References 3
OpenVAS
added 2023/03/08 12:0 a.m. · 17 views

Debian: Security Advisory (DLA-733-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS · 5.7 AI score · 0.01685 EPSS
Exploits 0 · References 2
OpenVAS
added 2023/03/08 12:0 a.m. · 14 views

Debian: Security Advisory (DLA-342-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS · 6.5 AI score · 0.02133 EPSS
Exploits 0 · References 2
OpenVAS
added 2023/03/08 12:0 a.m. · 16 views

Debian: Security Advisory (DLA-493-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 6 AI score · 0.01501 EPSS
Exploits 0 · References 3
OpenVAS
added 2023/03/08 12:0 a.m. · 16 views

Debian: Security Advisory (DLA-1213-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 7.6 AI score · 0.03053 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 6:12 a.m. · 3 views

SUSE CVE-2007-1507

The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...

7.5 CVSS · 7 AI score · 0.02522 EPSS
Exploits 0 · References 3