Lucene search

K

Netatalk Security Vulnerabilities

cve
cve

CVE-2023-42464

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in.....

9.8CVSS

7.2AI Score

0.041EPSS

2023-09-20 03:15 PM
63
cve
cve

CVE-2022-23125

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate.....

9.8CVSS

9.5AI Score

0.03EPSS

2023-03-28 07:15 PM
513
cve
cve

CVE-2022-45188

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for...

7.8CVSS

8.8AI Score

0.001EPSS

2022-11-12 05:15 AM
86
4
cve
cve

CVE-2022-22995

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary...

10CVSS

9.5AI Score

0.007EPSS

2022-03-25 11:15 PM
161
cve
cve

CVE-2022-0194

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length...

9.8CVSS

9.5AI Score

0.017EPSS

2023-03-28 07:15 PM
492
cve
cve

CVE-2022-23122

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of....

9.8CVSS

9.5AI Score

0.017EPSS

2023-03-28 07:15 PM
479
cve
cve

CVE-2022-23123

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of...

9.8CVSS

7.2AI Score

0.026EPSS

2023-03-28 07:15 PM
77
cve
cve

CVE-2022-23121

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when...

9.8CVSS

9.6AI Score

0.048EPSS

2023-03-28 07:15 PM
600
4
cve
cve

CVE-2022-23124

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of...

9.8CVSS

7.2AI Score

0.018EPSS

2023-03-28 07:15 PM
81
cve
cve

CVE-2021-31439

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results...

8.8CVSS

9.2AI Score

0.002EPSS

2021-05-21 03:15 PM
77
cve
cve

CVE-2022-43634

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length...

9.8CVSS

9.5AI Score

0.058EPSS

2023-03-29 07:15 PM
57
cve
cve

CVE-2018-1160

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code...

9.8CVSS

9.6AI Score

0.922EPSS

2018-12-20 09:29 PM
508
2
cve
cve

CVE-2008-5718

The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted...

7.9AI Score

0.013EPSS

2008-12-26 05:30 PM
52
cve
cve

CVE-2004-0974

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary...

6AI Score

0.0004EPSS

2005-02-09 05:00 AM
30