CVE-2026-44056

A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data...

CVE-2026-44056 Stack buffer overflow in desktop.c

A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data...

CVE-2026-44056

A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data...

CVE-2026-44055

A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...

CVE-2026-44051

An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation...

CVE-2026-44051 Arbitrary file read via attacker-controlled symlink creation

An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation...

CVE-2026-44051

An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation...

CVE-2026-44050

A heap-based buffer overflow in the CNID daemon commrcv function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service...

CVE-2026-44049 Out-of-bounds write in convert_charset() null termination

An out-of-bounds write due to improper null termination in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...

CVE-2026-44049

An out-of-bounds write due to improper null termination in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...

PT-2026-42412

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.4 through 4.4.2 Description A logic error involving bitwise OR operations allows a remote authenticated attacker to perform shell injection, enabling the execution of arbitrary OS commands. Recommendations Update to versi...

PT-2026-42428

Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.4.2 Description Authentication modules fail to check the return value of the seteuid function. This may allow a remote authenticated attacker to retain elevated privileges under error conditions. Recommendatio...

PT-2026-42431

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An incorrect calculation in the hextoint macro occurs due to improper handling of uppercase characters. This allows a remote authenticated attacker to cause limited data modification by providi...

Netatalk 格式化字符串错误漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.0.3 to 4.4.2 of Netatalk contain a vulnerability related to formatted string errors. This vulnerability arises from...

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk have security vulnerabilities. These vulnerabilities stem from improper handling of uppercase...

PT-2026-42418

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.4 through 4.4.2 Description A missing output length bounds check in the pull charset flags function allows a remote authenticated attacker to execute arbitrary code or cause a denial of service by sending crafted characte...

PT-2026-42430

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.0.3 through 4.4.2 Description A format string argument mismatch occurs when the software processes input incorrectly. This allows a remote authenticated attacker to cause a minor denial of service by providing crafted input...

PT-2026-42435

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests...

CVE-2026-8597

CVE-2026-8597 : Missing integrity verification in the Triton inference handler of the Amazon SageMaker Python SDK (v2 before 2.257.2; v3 before 3.8.0) may allow a remote authenticated actor with S3 write access to replace model artifacts in S3 with a crafted pickle payload, enabling code executio...

CVE-2026-8596 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...