Search CVE reports
471 – 480 of 36525 results
An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input.
1 affected package
netatalk
| Package | 24.04 LTS |
|---|---|
| netatalk | Needs evaluation |
A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing.
1 affected package
netatalk
| Package | 24.04 LTS |
|---|---|
| netatalk | Needs evaluation |
Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.
1 affected package
netatalk
| Package | 24.04 LTS |
|---|---|
| netatalk | Needs evaluation |
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions.
1 affected package
netatalk
| Package | 24.04 LTS |
|---|---|
| netatalk | Needs evaluation |
Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption...
1 affected package
netatalk
| Package | 24.04 LTS |
|---|---|
| netatalk | Needs evaluation |
An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests.
1 affected package
netatalk
| Package | 24.04 LTS |
|---|---|
| netatalk | Needs evaluation |
An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input.
1 affected package
netatalk
| Package | 24.04 LTS |
|---|---|
| netatalk | Needs evaluation |
Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names.
1 affected package
netatalk
| Package | 24.04 LTS |
|---|---|
| netatalk | Needs evaluation |
A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data.
1 affected package
netatalk
| Package | 24.04 LTS |
|---|---|
| netatalk | Needs evaluation |
Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to obtain sensitive information or cause a minor service disruption.
1 affected package
netatalk
| Package | 24.04 LTS |
|---|---|
| netatalk | Needs evaluation |