848 matches found
CVE-2026-44053
A flaw was found in Netatalk. Weak cryptography in the dhcast128 User Authentication Module UAM allows a remote attacker to potentially compromise the confidentiality and integrity of data. This vulnerability could enable unauthorized access to sensitive information or allow for the manipulation ...
CVE-2026-44075
A flaw was found in Netatalk. A missing break statement in the DSI OpenSession processing allows a remote attacker to cause a minor service disruption. This occurs when a DSIOPTATTNQUANT switch case falls through into DSIOPTSERVQUANT, leading to unintended session option handling via crafted DSI...
CVE-2026-44069
A flaw was found in Netatalk. A local attacker with high privileges could exploit an integer underflow vulnerability in the volxlate function. This flaw may lead to information disclosure, data corruption, or a denial of service due to improper handling of integer values...
CVE-2026-44072
A flaw was found in Netatalk. A highly privileged local attacker could exploit a vulnerability where the system function is called after a failed chdir operation. This could lead to unintended command execution, potentially resulting in low impact to system integrity or availability...
CVE-2026-44067
A flaw was found in Netatalk. An attacker could exploit a heap over-read vulnerability during extended attribute ea header parsing. This flaw may lead to information disclosure or a denial of service DoS...
CVE-2026-44056
A flaw was found in Netatalk. A remote attacker with low privileges could exploit a stack buffer overflow vulnerability in the desktop.c component. This could lead to a denial of service DoS, making the service unavailable, and potentially result in limited information disclosure or integrity...
CVE-2026-44068
A flaw was found in Netatalk. Incomplete sanitization of extended attribute ea paths allows a remote attacker to perform a path traversal. This vulnerability could enable an attacker to access or modify arbitrary files outside of the intended directory, leading to a high impact on data integrity...
CVE-2026-44062
A flaw was found in Netatalk. A remote attacker could exploit a missing bounds check in the pullcharsetflags function. This vulnerability could lead to arbitrary code execution or a denial of service, severely impacting the confidentiality, integrity, and availability of the affected system...
CVE-2026-44061
A flaw was found in Netatalk. This vulnerability involves the DES-ECB Data Encryption Standard - Electronic Codebook authentication mechanism, which is susceptible to a timing side channel attack. A remote attacker could potentially exploit this timing difference during authentication to gain...
CVE-2026-44073
A flaw was found in Netatalk. A remote attacker with low privileges could exploit a vulnerability where the seteuid system call failure is ignored within authentication modules. This oversight may allow the attacker to perform unauthorized actions, leading to a low impact on confidentiality,...
CVE-2026-44051
A flaw was found in Netatalk. This vulnerability allows an attacker to perform arbitrary file reads by creating attacker-controlled symbolic links. This could lead to the disclosure of sensitive information on the affected system...
CVE-2026-44059
A flaw was found in Netatalk. This vulnerability, related to a non-reentrant privilege toggle, could allow a local attacker with low privileges to potentially bypass security restrictions. This could lead to a low impact on confidentiality, integrity, and availability of the system...
CVE-2026-44049
A flaw was found in Netatalk. A remote attacker could exploit an out-of-bounds write vulnerability within the convertcharset function. This issue, caused by improper null termination, allows an attacker to write data beyond the allocated memory buffer. Successful exploitation could lead to...
CVE-2026-44054
A flaw was found in Netatalk. A remote attacker could exploit a predictable afpd session token, which is used for managing user sessions, to cause a Denial of Service DoS. This vulnerability allows an attacker to disrupt the availability of the affected service...
CVE-2026-44052
A flaw was found in Netatalk. A remote attacker could exploit this flaw due to ldap simple-bind passwords being exposed in log output. This could lead to sensitive information disclosure, specifically the exposure of user credentials...
CVE-2026-7836
A flaw was found in Netatalk. A remote attacker with low privileges could exploit a bug in the hextoint macro related to uppercase characters. This vulnerability could lead to a low impact on data integrity...
CVE-2026-44074
A flaw was found in Netatalk. A remote attacker may cause a minor service disruption by triggering conditions that lead to multiple simultaneous error conditions. This occurs because Netatalk incorrectly combines multiple error values using a bitwise OR operation, resulting in incorrect error cod...
CVE-2026-44071
A flaw was found in Netatalk. This issue arises because the software is compiled without FORTIFYSOURCE, a security feature that provides built-in buffer overflow detection at runtime. A remote attacker could exploit this by triggering memory errors that would otherwise be safely handled, leading ...
CVE-2026-44057
A flaw was found in Netatalk. A dead bounds check in the Spotlight RPC unmarshaller may allow a remote authenticated attacker to obtain limited information. This vulnerability is triggered by sending crafted Spotlight RPC requests, leading to an information disclosure...
CVE-2026-7837
A flaw was found in Netatalk. A remote attacker may exploit a time-of-check time-of-use TOCTOU condition, where the state of a resource is checked, and then used, but the state changes between the check and the use. This condition, specifically in the adflush function, involves root-privileged fi...