pkg:Debian/netatalk
67 total CVEs: CRITICAL 17, HIGH 18, MEDIUM 9, LOW 10
All known vulnerabilities
- CRITICAL 9.9 CVE-2026-44050: A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker… (from 0)
- CRITICAL 9.8 CVE-2024-38441: Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in… (from 0, < 3.1.12~ds-8+deb11u2)
- CRITICAL 9.8 CVE-2024-38439: Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLogi… (from 0, < 3.1.12~ds-8+deb11u2)
- from 0, < 3.1.12~ds-8+deb11u1
- from 0, < 3.1.12~ds-3+deb10u4
- CRITICAL 9.8 CVE-2022-43634: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. (from 0, < 3.1.12~ds-8+deb11u1)
- CRITICAL 9.8 CVE-2022-23125: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. (from 0, < 3.1.12~ds-8+deb11u1)
- CRITICAL 9.8 CVE-2022-23124: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. (from 0, < 3.1.12~ds-8+deb11u1)
- CRITICAL 9.8 CVE-2022-23123: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. (from 0, < 3.1.12~ds-8+deb11u1)
- CRITICAL 9.8 CVE-2022-23122: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. (from 0, < 3.1.12~ds-8+deb11u1)
- CRITICAL 9.8 CVE-2022-23121: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. (from 0, < 3.1.12~ds-8+deb11u1)
- CRITICAL 9.8 CVE-2022-0194: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. (from 0, < 3.1.12~ds-8+deb11u1)
- from 0, < 3.1.12~ds-3+deb10u5
- from 0, < 3.1.12~ds-8+deb11u2
- from 0, < 3.1.12~ds-8+deb11u2
- from 0, < 2.2.5-2+deb9u1
- from 0, < 2.2.6-2
- HIGH 8.8 CVE-2026-44048: A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated a… (from 0)
- HIGH 8.8 CVE-2026-44047: An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain u… (from 0)
- from 0, < 3.1.12~ds-8+deb11u1
- from 0, < 3.1.12~ds-3+deb10u1
- from 0, < 3.1.12~ds-8+deb11u1
- HIGH 8.1 CVE-2026-44051: An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or… (from 0)
- HIGH 7.8 CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. (from 0, < 3.1.12~ds-8+deb11u1)
- HIGH 7.6 CVE-2026-44068: Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker t… (from 0)
- HIGH 7.5 CVE-2026-44062: A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to exec… (from 0)
- HIGH 7.5 CVE-2026-44060: An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of servi… (from 0)
- HIGH 7.5 CVE-2026-44055: A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands… (from 0)
- HIGH 7.5 CVE-2026-44052: Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the l… (from 0)
- HIGH 7.5 CVE-2026-44049: An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated… (from 0)
- HIGH 7.5 CVE-2024-38440: Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly… (from 0, < 3.1.12~ds-8+deb11u2)
- HIGH 7.4 CVE-2026-44053: Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentic… (from 0)
- HIGH 7.2 CVE-2026-44058: An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary user… (from 0)
- HIGH 7.1 CVE-2026-44066: Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated atta… (from 0)
- HIGH 7.1 CVE-2026-44064: An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited inform… (from 0)
- MEDIUM 6.7 CVE-2026-44076: Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute… (from 0)
- MEDIUM 6.5 CVE-2026-44054: Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacke… (from 0)
- MEDIUM 6.4 CVE-2026-44056: A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of servic… (from 0)
- MEDIUM 5.9 CVE-2026-44061: Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authenti… (from 0)
- MEDIUM 5.0 CVE-2026-44073: Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated… (from 0)
- MEDIUM 4.5 CVE-2026-44059: A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, m… (from 0)
- MEDIUM 4.2 CVE-2026-44067: A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain… (from 0)
- MEDIUM 4.2 CVE-2026-44065: An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cau… (from 0)
- MEDIUM 4.2 CVE-2026-44063: An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtai… (from 0)
- LOW 3.9 CVE-2026-44069: An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information,… (from 0)
- LOW 3.7 CVE-2026-7837: A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file opera… (from 0)
- LOW 3.7 CVE-2026-44075: A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall throu… (from 0)
- LOW 3.7 CVE-2026-44074: Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error condit… (from 0)
- LOW 3.7 CVE-2026-44071: Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially… (from 0)
- LOW 3.1 CVE-2026-44057: A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no… (from 0)
- LOW 3.1 CVE-2026-7836: An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote… (from 0)
- LOW 3.1 CVE-2026-7835: A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service… (from 0)
- LOW 3.1 CVE-2026-44070: An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to c… (from 0)
- LOW 3.0 CVE-2026-44072: Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local priv… (from 0)
- from 0
- from 0
- from 0
- from 0
- from 0
- from 0
- from 0
- from 0
- from 0
- from 0, < 2.0.4~beta2-1
- from 0, < 2.0.3-11+lenny1
- from 0, < 2.0.3-4+etch1
- — CVE-2004-0974: The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files v… (from 0, < 1.6.4a-1)