Netatalk

33 CVEs
| CVE ID | Severity | Product / summary | Published |
| --- | --- | --- | --- |
| CVE-2026-44047 | HIGH 8.8 | Netatalk — An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authe… | 2026-05-21 |
| CVE-2026-44048 | HIGH 8.8 | Netatalk — A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 al… | 2026-05-21 |
| CVE-2026-44049 | HIGH 7.5 | Netatalk — An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 a… | 2026-05-21 |
| CVE-2026-44050 | CRITICAL 9.9 | Netatalk — A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a r… | 2026-05-21 |
| CVE-2026-44051 | HIGH 8.1 | Netatalk — An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attack… | 2026-05-21 |
| CVE-2026-44052 | HIGH 7.5 | Netatalk — Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an … | 2026-05-21 |
| CVE-2026-44053 | HIGH 7.4 | Netatalk — Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote… | 2026-05-21 |
| CVE-2026-44054 | MEDIUM 6.5 | Netatalk — Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a… | 2026-05-21 |
| CVE-2026-44055 | HIGH 7.5 | Netatalk — A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated at… | 2026-05-21 |
| CVE-2026-44056 | MEDIUM 6 | Netatalk — A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacke… | 2026-05-21 |
| CVE-2026-44057 | LOW 3.1 | Netatalk — A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachabl… | 2026-05-21 |
| CVE-2026-44058 | MEDIUM 6.4 | Netatalk — An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to auth… | 2026-05-21 |
| CVE-2026-44059 | LOW 3.9 | Netatalk — A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to … | 2026-05-21 |
| CVE-2026-44060 | HIGH 7.5 | Netatalk — An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attack… | 2026-05-21 |
| CVE-2026-44061 | MEDIUM 5.9 | Netatalk — Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote… | 2026-05-21 |
| CVE-2026-44062 | HIGH 7.5 | Netatalk — A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote a… | 2026-05-21 |
| CVE-2026-44063 | MEDIUM 4.2 | Netatalk — An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to mani… | 2026-05-21 |
| CVE-2026-44064 | HIGH 7.1 | Netatalk — An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network atta… | 2026-05-21 |
| CVE-2026-44065 | LOW 3.7 | Netatalk — An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker … | 2026-05-21 |
| CVE-2026-44066 | HIGH 7.1 | Netatalk — Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allo… | 2026-05-21 |
| CVE-2026-44067 | LOW 3.7 | Netatalk — A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote aut… | 2026-05-21 |
| CVE-2026-44068 | HIGH 7.6 | Netatalk — Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a re… | 2026-05-21 |
| CVE-2026-44069 | LOW 3.4 | Netatalk — An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user t… | 2026-05-21 |
| CVE-2026-44070 | LOW 3.1 | Netatalk — An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remot… | 2026-05-21 |
| CVE-2026-44071 | LOW 3.7 | Netatalk — Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detec… | 2026-05-21 |
| CVE-2026-44072 | LOW 2.5 | Netatalk — Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error conditi… | 2026-05-21 |
| CVE-2026-44073 | MEDIUM 4 | Netatalk — Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may … | 2026-05-21 |
| CVE-2026-44074 | LOW 3.7 | Netatalk — Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error cod… | 2026-05-21 |
| CVE-2026-44075 | LOW 3.7 | Netatalk — A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQU… | 2026-05-21 |
| CVE-2026-44076 | MEDIUM 6.7 | Netatalk — Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to in… | 2026-05-21 |
| CVE-2026-7835 | LOW 3.1 | Netatalk — A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to ca… | 2026-05-21 |
| CVE-2026-7836 | LOW 3.1 | Netatalk — An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase chara… | 2026-05-21 |
| CVE-2026-7837 | LOW 3.7 | Netatalk — A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involv… | 2026-05-21 |