Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44073 | MEDIUM | 5.0 | Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated … | May 21, 2026 |
| CVE-2026-44072 | LOW | 3.0 | Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended … | May 21, 2026 |
| CVE-2026-44070 | LOW | 3.1 | An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of … | May 21, 2026 |
| CVE-2026-44069 | LOW | 3.9 | An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or … | May 21, 2026 |
| CVE-2026-44068 | HIGH | 7.6 | Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended … | May 21, 2026 |
| CVE-2026-44067 | MEDIUM | 4.2 | A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause … | May 21, 2026 |
| CVE-2026-44066 | HIGH | 7.1 | Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or … | May 21, 2026 |
| CVE-2026-44065 | MEDIUM | 4.2 | An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor … | May 21, 2026 |
| CVE-2026-44064 | HIGH | 7.1 | An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a … | May 21, 2026 |
| CVE-2026-44063 | MEDIUM | 4.2 | An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP … | May 21, 2026 |
| CVE-2026-44062 | HIGH | 7.5 | A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a … | May 21, 2026 |
| CVE-2026-44061 | MEDIUM | 5.9 | Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis. | May 21, 2026 |
| CVE-2026-44060 | HIGH | 7.5 | An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI … | May 21, 2026 |
| CVE-2026-44059 | MEDIUM | 4.5 | A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or … | May 21, 2026 |
| CVE-2026-44058 | HIGH | 7.2 | An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user … | May 21, 2026 |
| CVE-2026-44056 | MEDIUM | 6.4 | A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, … | May 21, 2026 |
| CVE-2026-44055 | HIGH | 7.5 | A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code. | May 21, 2026 |
| CVE-2026-44054 | MEDIUM | 6.5 | Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service … | May 21, 2026 |
| CVE-2026-44053 | HIGH | 7.4 | Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a … | May 21, 2026 |
| CVE-2026-44052 | HIGH | 7.5 | Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain … | May 21, 2026 |
| CVE-2026-44051 | HIGH | 8.1 | An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled … | May 21, 2026 |
| CVE-2026-44050 | CRITICAL | 9.9 | A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with … | May 21, 2026 |
| CVE-2026-44049 | HIGH | 7.5 | An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or … | May 21, 2026 |
| CVE-2026-44048 | HIGH | 8.8 | A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or … | May 21, 2026 |
| CVE-2026-44047 | HIGH | 8.8 | An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, … | May 21, 2026 |