CVE-2026-7837
- EPSS 0.24%
- Veröffentlicht 21.05.2026 08:14:44
- Zuletzt bearbeitet 21.05.2026 15:20:19
A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.
CVE-2026-44075
- EPSS 0.33%
- Veröffentlicht 21.05.2026 08:14:41
- Zuletzt bearbeitet 21.05.2026 15:20:19
A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to c...
CVE-2026-44074
- EPSS 0.33%
- Veröffentlicht 21.05.2026 08:14:38
- Zuletzt bearbeitet 21.05.2026 15:20:19
Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions...
CVE-2026-44071
- EPSS 0.34%
- Veröffentlicht 21.05.2026 08:14:35
- Zuletzt bearbeitet 21.05.2026 15:20:19
Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught ...
CVE-2026-44057
- EPSS 0.19%
- Veröffentlicht 21.05.2026 08:14:31
- Zuletzt bearbeitet 21.05.2026 15:20:19
A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via ...
CVE-2026-7836
- EPSS 0.26%
- Veröffentlicht 21.05.2026 07:35:13
- Zuletzt bearbeitet 21.05.2026 15:20:19
An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input.
CVE-2026-7835
- EPSS 0.29%
- Veröffentlicht 21.05.2026 07:35:10
- Zuletzt bearbeitet 21.05.2026 15:20:19
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing.
CVE-2026-44076
- EPSS 0.13%
- Veröffentlicht 21.05.2026 07:35:08
- Zuletzt bearbeitet 21.05.2026 15:20:19
Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.
- EPSS 0.28%
- Veröffentlicht 21.05.2026 07:35:06
- Zuletzt bearbeitet 21.05.2026 15:20:19
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions.
- EPSS 0.09%
- Veröffentlicht 21.05.2026 07:35:04
- Zuletzt bearbeitet 21.05.2026 15:20:19
Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions.