|
261
|
7.1 |
HIGH
Adjacent
|
-
|
-
|
An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-44064
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
4.2 |
MEDIUM
Adjacent
|
-
|
-
|
An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.
New
|
CWE-193
Off-by-one Error
|
CVE-2026-44065
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
7.1 |
HIGH
Network
|
-
|
-
|
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor servic…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-44066
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
4.2 |
MEDIUM
Network
|
-
|
-
|
A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-44067
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
7.6 |
HIGH
Network
|
-
|
-
|
Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via…
New
|
CWE-22
Path Traversal
|
CVE-2026-44068
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
3.9 |
LOW
Local
|
-
|
-
|
An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption vi…
New
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-44069
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267
|
3.1 |
LOW
Network
|
-
|
-
|
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character convers…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44070
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
3.0 |
LOW
Local
|
-
|
-
|
Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor …
New
|
CWE-78
OS Command
|
CVE-2026-44072
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
5.0 |
MEDIUM
Network
|
-
|
-
|
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error condition…
New
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2026-44073
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.
New
|
CWE-78
OS Command
|
CVE-2026-44076
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
