CVE-2014-4044

OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service uninitialized memory access and crash via unspecified vectors related to TMAY requests...

CVE-2013-4134

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption DES for Kerberos keys, which makes it easier for remote attackers to obtain the service key...