This page lists publicly disclosed CVE vulnerabilities affecting nfs nfs-utils (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2009-0180 | Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedora 9, and before 1.1.4-6.fc10 on Fedora 10, omit TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions, possibly a related issue to CVE-2008-1376. | [email protected] | 7.5 | 1.60% | 2009-01-20 | 2026-06-16 |
| CVE-2008-4552 | The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions. | [email protected] | 7.5 | 2.30% | 2008-10-14 | 2026-06-16 |
| CVE-2004-1014 | statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. | [email protected] | 5.0 | 2.38% | 2005-01-10 | 2026-06-16 |
| CVE-2004-0946 | rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request. | [email protected] | 10.0 | 11.30% | 2005-01-10 | 2026-06-16 |
| CVE-2004-0154 | rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name. | [email protected] | 5.0 | 1.73% | 2004-06-14 | 2026-06-16 |