CVE-2026-44060
- EPSS 0.33%
- Veröffentlicht 21.05.2026 07:34:40
- Zuletzt bearbeitet 21.05.2026 15:20:19
An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.
CVE-2026-44059
- EPSS 0.07%
- Veröffentlicht 21.05.2026 07:34:38
- Zuletzt bearbeitet 21.05.2026 15:20:19
A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption.
CVE-2026-44058
- EPSS 0.53%
- Veröffentlicht 21.05.2026 07:34:36
- Zuletzt bearbeitet 21.05.2026 15:20:19
An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user via the admin auth user mechanism.
CVE-2026-44056
- EPSS 0.25%
- Veröffentlicht 21.05.2026 07:34:34
- Zuletzt bearbeitet 21.05.2026 15:20:19
A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.
CVE-2026-44055
- EPSS 0.36%
- Veröffentlicht 21.05.2026 07:34:32
- Zuletzt bearbeitet 21.05.2026 15:20:19
A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.
CVE-2026-44054
- EPSS 0.28%
- Veröffentlicht 21.05.2026 07:34:29
- Zuletzt bearbeitet 21.05.2026 15:20:19
Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism.
CVE-2026-44053
- EPSS 0.3%
- Veröffentlicht 21.05.2026 07:34:27
- Zuletzt bearbeitet 21.05.2026 15:20:19
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack.
CVE-2026-44052
- EPSS 0.25%
- Veröffentlicht 21.05.2026 07:34:25
- Zuletzt bearbeitet 21.05.2026 15:20:19
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.
CVE-2026-44051
- EPSS 0.48%
- Veröffentlicht 21.05.2026 07:34:23
- Zuletzt bearbeitet 21.05.2026 15:20:19
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.
CVE-2026-44050
- EPSS 0.42%
- Veröffentlicht 21.05.2026 07:34:21
- Zuletzt bearbeitet 21.05.2026 15:20:19
A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service.