|
3121
|
4.5 |
MEDIUM
Local
|
-
|
-
|
A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption.
|
CWE-362
Race Condition
|
CVE-2026-44059
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3122
|
7.5 |
HIGH
Network
|
-
|
-
|
An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-44060
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3123
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis.
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-44061
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3124
|
7.5 |
HIGH
Network
|
-
|
-
|
A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted …
|
CWE-787
Out-of-bounds Write
|
CVE-2026-44062
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3125
|
4.2 |
MEDIUM
Network
|
-
|
-
|
An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted fil…
|
CWE-90
LDAP Injection
|
CVE-2026-44063
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3126
|
7.1 |
HIGH
Adjacent
|
-
|
-
|
An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.
|
CWE-125
Out-of-bounds Read
|
CVE-2026-44064
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3127
|
4.2 |
MEDIUM
Adjacent
|
-
|
-
|
An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data.
|
CWE-193
Off-by-one Error
|
CVE-2026-44065
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3128
|
7.1 |
HIGH
Network
|
-
|
-
|
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor servic…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-44066
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3129
|
4.2 |
MEDIUM
Network
|
-
|
-
|
A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-44067
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3130
|
7.6 |
HIGH
Network
|
-
|
-
|
Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via…
|
CWE-22
Path Traversal
|
CVE-2026-44068
|
2026-05-22 00:20 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
