18652 matches found
CVE-2026-7835 Format string argument mismatch
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...
CVE-2026-44068
Incomplete sanitization of extended attribute EA path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...
CVE-2026-44066
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption...
CVE-2026-44056 Stack buffer overflow in desktop.c
A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data...
CVE-2026-44056
A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data...
CVE-2026-44056
A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data...
CVE-2026-44055
A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code...
CVE-2026-44051
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation...
CVE-2026-44051 Arbitrary file read via attacker-controlled symlink creation
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation...
CVE-2026-44051
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation...
CVE-2026-44050
A heap-based buffer overflow in the CNID daemon commrcv function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service...
CVE-2026-44049 Out-of-bounds write in convert_charset() null termination
An out-of-bounds write due to improper null termination in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...
CVE-2026-44049
An out-of-bounds write due to improper null termination in convertcharset in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data...
Netatalk 格式化字符串错误漏洞
Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.0.3 to 4.4.2 of Netatalk contain a vulnerability related to formatted string errors. This vulnerability arises from...
Netatalk 安全漏洞
Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk have security vulnerabilities. These vulnerabilities stem from improper handling of uppercase...
PT-2026-42428
Name of the Vulnerable Software and Affected Versions Netatalk versions 1.5.0 through 4.4.2 Description Authentication modules fail to check the return value of the seteuid function. This may allow a remote authenticated attacker to retain elevated privileges under error conditions. Recommendatio...
PT-2026-42430
Name of the Vulnerable Software and Affected Versions Netatalk versions 3.0.3 through 4.4.2 Description A format string argument mismatch occurs when the software processes input incorrectly. This allows a remote authenticated attacker to cause a minor denial of service by providing crafted input...
PT-2026-42418
Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.4 through 4.4.2 Description A missing output length bounds check in the pull charset flags function allows a remote authenticated attacker to execute arbitrary code or cause a denial of service by sending crafted characte...
PT-2026-42412
Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.4 through 4.4.2 Description A logic error involving bitwise OR operations allows a remote authenticated attacker to perform shell injection, enabling the execution of arbitrary OS commands. Recommendations Update to versi...
PT-2026-42435
A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests...