CVE-2026-44070

Summary: CVE-2026-44070 affects Netatalk 2.0.0 through 4.4.2, with an unbounded memory reallocation in the charset conversion code. The issue can allow a remote authenticated attacker to cause a minor denial of service, as described by CVE records. Root cause: unbounded realloc in charset convers...

CVE-2026-44070 Unbounded realloc in charset conversion

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

EUVD-2026-31217

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

CVE-2026-44070

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

CVE-2026-44070 Unbounded realloc in charset conversion

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

CVE-2026-44070

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

CVE-2026-44048

A stack-based buffer overflow via UCS-2 type confusion in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service...

Node.js: Memory Corruption via TOCTOU Race in SharedArrayBuffer UTF-8 Decode (`StringBytes::Encode`)

I discovered a memory corruption vulnerability in Node.js's native UTF-8 string decoding path src/stringbytes.cc. When Buffer.prototype.toString'utf8' is called on a Buffer backed by a SharedArrayBuffer, the underlying native code performs a validate-then-convert sequence without copying the data...

PT-2026-42426

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An unbounded memory reallocation in the charset conversion code allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from unlimited memory reallocation...

Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021663)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021663 advisory. MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used. Tenable has extracted the preceding...

GO-2026-4990 Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes in github.com/gotenberg/gotenberg

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes in github.com/gotenberg/gotenberg...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: hfs: Ensure that sb-sfsinfo is always cleaned up. When hfs was converted to the new mount API, a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocat...

Astra Linux - уязвимость в glib2.0

A flaw was discovered in GLib. A integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds...

Astra Linux - уязвимость в unzip

A flaw was discovered in Unzip. The vulnerability occurs during the conversion of a wide string to a local string, resulting in an out-of-bound write operation on the heap. This flaw allows an attacker to submit a specially crafted zip file, causing a crash or code execution...

Astra Linux - уязвимость в libidn2

GNU libidn2 before version 2.2.0 fails to perform the round-trip checks specified in RFC3490, Section 4.2, when converting A-labels to U-labels. This allows, under certain circumstances, one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...

PT-2026-42375

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes in github.com/gotenberg/gotenberg...

FreeBSD : nginx-devel -- multiple vulnerabilities (1ed77d8e-53bb-11f1-b339-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ed77d8e-53bb-11f1-b339-3497f65b111b advisory. The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2...

RHEL 9 : libssh (RHSA-2026:18683)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18683 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...

SUSE-SU-2026:1966-1 Security update for tiff

This update for tiff fixes the following issue - CVE-2026-4775: signed integer overflow in the putcontig8bitYCbCr44tile function bsc1260411...