Lucene search
K

10 matches found

NVD
NVD
added 2026/05/21 8:16 a.m.11 views

CVE-2026-44050

A heap-based buffer overflow in the CNID daemon commrcv function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service...

9.9CVSS0.00418EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:35 a.m.26 views

CVE-2026-44076

CVE-2026-44076 affects Netatalk versions 3.1.0 through 4.4.2, with shell injection via volume path. The issue arises from insufficient sanitization of volume paths and is fixed in 4.4.3. Impact is described as local, with potential for arbitrary code execution by a local privileged user through a...

6.7CVSS6.2AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:34 a.m.22 views

CVE-2026-44062

In Netatalk (versions 2.0.4–4.4.2) a missing o_len bounds check in pull_charset_flags() enables out-of-bounds processing; fixed in 4.4.3 (per NVD). Debian advisory groups the CVE under a security update and recommends upgrading to a secure netatalk package; apply vendor-provided patches (e.g., De...

7.5CVSS6.2AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.38 views

CVE-2026-44060 Integer underflow in dsi_writeinit() leads to denial of service

An integer underflow in dsiwriteinit in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request...

7.5CVSS0.00328EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:34 a.m.24 views

CVE-2026-44055

Netatalk 3.1.4–4.4.2 contains a bitwise OR/logic bug that permits shell injection. The issue affects Netatalk’s AFP implementation and can lead to remote command execution (high impact). Fixed in version 4.4.3. Affected: Netatalk 3.1.4–4.4.2; Remediation: upgrade to 4.4.3 or later. Exploitation s...

7.5CVSS6.1AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.47 views

CVE-2026-44054 Predictable afpd session token

Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism...

6.5CVSS0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.43 views

CVE-2026-44052 LDAP simple-bind password exposure in log output

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 7:34 a.m.40 views

CVE-2026-44050 Heap buffer overflow in CNID daemon comm_rcv()

A heap-based buffer overflow in the CNID daemon commrcv function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service...

9.9CVSS0.00418EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/21 7:33 a.m.12 views

EUVD-2026-31226

An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service...

8.8CVSS5.9AI score0.00371EPSS
Exploits0References1
NVD
NVD
added 2021/06/22 6:15 p.m.14 views

CVE-2021-32644

Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. Th...

6.4CVSS0.00843EPSS
Exploits1References2
Rows per page
Query Builder