|
261
|
8.1 |
HIGH
Network
|
-
|
-
|
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink c…
New
|
CWE-59
Link Following
|
CVE-2026-44051
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
7.5 |
HIGH
Network
|
-
|
-
|
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-44052
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
7.4 |
HIGH
Network
|
-
|
-
|
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic at…
New
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-44053
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect m…
New
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2026-44054
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
7.5 |
HIGH
Network
|
-
|
-
|
A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.
New
|
CWE-78
OS Command
|
CVE-2026-44055
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
6.4 |
MEDIUM
Network
|
-
|
-
|
A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-44056
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267
|
7.2 |
HIGH
Network
|
-
|
-
|
An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism.
New
|
CWE-287
Improper Authentication
|
CVE-2026-44058
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
4.5 |
MEDIUM
Local
|
-
|
-
|
A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption.
New
|
CWE-362
Race Condition
|
CVE-2026-44059
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
7.5 |
HIGH
Network
|
-
|
-
|
An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.
New
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-44060
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis.
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-44061
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
