Netatalk
by Netatalk
CVEs (48)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44050 | | Cri | 0.57 | 9.9 | 0.00 | | May 21, 2026 | A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service. |
| CVE-2026-44048 | | Hig | 0.50 | 8.8 | 0.00 | | May 21, 2026 | A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service. |
| CVE-2026-44047 | | Hig | 0.50 | 8.8 | 0.00 | | May 21, 2026 | An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service. |
| CVE-2026-44051 | | Hig | 0.46 | 8.1 | 0.00 | | May 21, 2026 | An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation. |
| CVE-2026-44068 | | Hig | 0.42 | 7.6 | 0.00 | | May 21, 2026 | Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names. |
| CVE-2026-44062 | | Hig | 0.42 | 7.5 | 0.00 | | May 21, 2026 | A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data. |
| CVE-2026-44060 | | Hig | 0.42 | 7.5 | 0.00 | | May 21, 2026 | An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request. |
| CVE-2026-44055 | | Hig | 0.42 | 7.5 | 0.00 | | May 21, 2026 | A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code. |
| CVE-2026-44052 | | Hig | 0.42 | 7.5 | 0.00 | | May 21, 2026 | Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials. |
| CVE-2026-44049 | | Hig | 0.42 | 7.5 | 0.01 | | May 21, 2026 | An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data. |
| CVE-2026-44053 | | Hig | 0.41 | 7.4 | 0.00 | | May 21, 2026 | Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack. |
| CVE-2026-44058 | | Hig | 0.40 | 7.2 | 0.01 | | May 21, 2026 | An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism. |
| CVE-2026-44066 | | Hig | 0.39 | 7.1 | 0.00 | | May 21, 2026 | Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption. |
| CVE-2026-44064 | | Hig | 0.39 | 7.1 | 0.00 | | May 21, 2026 | An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request. |
| CVE-2026-44076 | | Med | 0.37 | 6.7 | 0.00 | | May 21, 2026 | Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path. |
| CVE-2026-44056 | | Med | 0.35 | 6.4 | 0.00 | | May 21, 2026 | A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data. |
| CVE-2026-44054 | | Med | 0.35 | 6.5 | 0.00 | | May 21, 2026 | Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism. |
| CVE-2026-44061 | | Med | 0.31 | 5.9 | 0.00 | | May 21, 2026 | Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis. |
| CVE-2026-44073 | | Med | 0.26 | 5.0 | 0.00 | | May 21, 2026 | Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions. |
| CVE-2026-44059 | | Med | 0.22 | 4.5 | 0.00 | | May 21, 2026 | A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption. |
Page 1 of 3