Netatalk

Netatalk

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.24%
  • Veröffentlicht 21.05.2026 08:14:44
  • Zuletzt bearbeitet 21.05.2026 15:20:19

A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.

  • EPSS 0.33%
  • Veröffentlicht 21.05.2026 08:14:41
  • Zuletzt bearbeitet 21.05.2026 15:20:19

A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to c...

  • EPSS 0.33%
  • Veröffentlicht 21.05.2026 08:14:38
  • Zuletzt bearbeitet 21.05.2026 15:20:19

Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions...

  • EPSS 0.34%
  • Veröffentlicht 21.05.2026 08:14:35
  • Zuletzt bearbeitet 21.05.2026 15:20:19

Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught ...

  • EPSS 0.19%
  • Veröffentlicht 21.05.2026 08:14:31
  • Zuletzt bearbeitet 21.05.2026 15:20:19

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via ...

  • EPSS 0.26%
  • Veröffentlicht 21.05.2026 07:35:13
  • Zuletzt bearbeitet 21.05.2026 15:20:19

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input.

  • EPSS 0.29%
  • Veröffentlicht 21.05.2026 07:35:10
  • Zuletzt bearbeitet 21.05.2026 15:20:19

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing.

  • EPSS 0.13%
  • Veröffentlicht 21.05.2026 07:35:08
  • Zuletzt bearbeitet 21.05.2026 15:20:19

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.

  • EPSS 0.28%
  • Veröffentlicht 21.05.2026 07:35:06
  • Zuletzt bearbeitet 21.05.2026 15:20:19

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions.

  • EPSS 0.09%
  • Veröffentlicht 21.05.2026 07:35:04
  • Zuletzt bearbeitet 21.05.2026 15:20:19

Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions.