VYPR

Vendor CVEs

Netatalk

All CVEs

49 total · sorted by risk
  • CVE-2026-44050CriMay 21, 2026
    risk 0.57cvss 9.9epss 0.00

    A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service.

  • CVE-2026-44048HigMay 21, 2026
    risk 0.50cvss 8.8epss 0.00

    A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service.

  • CVE-2026-44047HigMay 21, 2026
    risk 0.50cvss 8.8epss 0.00

    An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service.

  • CVE-2026-44051HigMay 21, 2026
    risk 0.46cvss 8.1epss 0.00

    An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.

  • CVE-2026-44068HigMay 21, 2026
    risk 0.42cvss 7.6epss 0.00

    Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names.

  • CVE-2026-44062HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data.

  • CVE-2026-44060HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.

  • CVE-2026-44055HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.

  • CVE-2026-44052HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.

  • CVE-2026-44049HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.01

    An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data.

  • CVE-2026-44053HigMay 21, 2026
    risk 0.41cvss 7.4epss 0.00

    Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack.

  • CVE-2026-44058HigMay 21, 2026
    risk 0.40cvss 7.2epss 0.01

    An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism.

  • CVE-2026-44066HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption.

  • CVE-2026-44064HigMay 21, 2026
    risk 0.39cvss 7.1epss 0.00

    An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.

  • CVE-2026-44076MedMay 21, 2026
    risk 0.37cvss 6.7epss 0.00

    Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.

  • CVE-2026-44056MedMay 21, 2026
    risk 0.35cvss 6.4epss 0.00

    A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.

  • CVE-2026-44054MedMay 21, 2026
    risk 0.35cvss 6.5epss 0.00

    Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism.

  • CVE-2026-44061MedMay 21, 2026
    risk 0.31cvss 5.9epss 0.00

    Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis.

  • CVE-2026-44073MedMay 21, 2026
    risk 0.26cvss 5.0epss 0.00

    Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions.

  • CVE-2026-44059MedMay 21, 2026
    risk 0.22cvss 4.5epss 0.00

    A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption.

  • CVE-2026-44067MedMay 21, 2026
    risk 0.20cvss 4.2epss 0.00

    A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data.

  • CVE-2026-44065MedMay 21, 2026
    risk 0.20cvss 4.2epss 0.00

    An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.

  • CVE-2026-44063MedMay 21, 2026
    risk 0.20cvss 4.2epss 0.00

    An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input.

  • CVE-2026-44069LowMay 21, 2026
    risk 0.18cvss 3.9epss 0.00

    An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input.

  • CVE-2026-7837LowMay 21, 2026
    risk 0.17cvss 3.7epss 0.00

    A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.

  • CVE-2026-44075LowMay 21, 2026
    risk 0.17cvss 3.7epss 0.00

    A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service…

  • CVE-2026-44074LowMay 21, 2026
    risk 0.17cvss 3.7epss 0.00

    Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect…

  • CVE-2026-44071LowMay 21, 2026
    risk 0.17cvss 3.7epss 0.00

    Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by…

  • CVE-2026-44057LowMay 21, 2026
    risk 0.13cvss 3.1epss 0.00

    A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC…

  • CVE-2026-7836LowMay 21, 2026
    risk 0.13cvss 3.1epss 0.00

    An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input.

  • CVE-2026-7835LowMay 21, 2026
    risk 0.13cvss 3.1epss 0.00

    A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing.

  • CVE-2026-44072LowMay 21, 2026
    risk 0.13cvss 3.0epss 0.00

    Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions.

  • CVE-2026-44070LowMay 21, 2026
    risk 0.13cvss 3.1epss 0.00

    An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests.

  • CVE-2018-1160Dec 20, 2018
    risk 0.10cvss epss 0.87

    Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

  • CVE-2022-23125Mar 28, 2023
    risk 0.03cvss epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not…

  • CVE-2022-43634Mar 29, 2023
    risk 0.02cvss epss 0.19

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper…

  • CVE-2023-42464Sep 20, 2023
    risk 0.01cvss epss 0.02

    A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the…

  • CVE-2022-23122Mar 28, 2023
    risk 0.01cvss epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper…

  • CVE-2022-0194Mar 28, 2023
    risk 0.01cvss epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper…

  • CVE-2022-23121Mar 28, 2023
    risk 0.01cvss epss 0.09

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error…

  • CVE-2022-23123Mar 28, 2023
    risk 0.01cvss epss 0.04

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper…

  • CVE-2024-38441Jun 16, 2024
    risk 0.00cvss epss 0.01

    Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions.

  • CVE-2024-38439Jun 16, 2024
    risk 0.00cvss epss 0.01

    Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions.

  • CVE-2024-38440Jun 16, 2024
    risk 0.00cvss epss 0.01

    Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0)…

  • CVE-2022-23124Mar 28, 2023
    risk 0.00cvss epss 0.03

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper…

  • CVE-2022-45188Nov 12, 2022
    risk 0.00cvss epss 0.01

    Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

  • CVE-2022-22995Mar 25, 2022
    risk 0.00cvss epss 0.03

    The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

  • CVE-2008-5718Dec 26, 2008
    risk 0.00cvss epss 0.05

    The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.

  • CVE-2004-0974Feb 9, 2005
    risk 0.00cvss epss 0.00

    The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.