Vulnerabilities > Netatalk > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-16 CVE-2024-38439 Out-of-bounds Write vulnerability in Netatalk
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c.
network
low complexity
netatalk CWE-787
critical
9.8
2023-09-20 CVE-2023-42464 Type Confusion vulnerability in multiple products
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17.
network
low complexity
netatalk debian CWE-843
critical
9.8
2023-03-29 CVE-2022-43634 Heap-based Buffer Overflow vulnerability in Netatalk 3.1.13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.
network
low complexity
netatalk CWE-122
critical
9.8
2023-03-28 CVE-2022-0194 Out-of-bounds Write vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-787
critical
9.8
2023-03-28 CVE-2022-23121 Improper Handling of Exceptional Conditions vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-755
critical
9.8
2023-03-28 CVE-2022-23122 Out-of-bounds Write vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-787
critical
9.8
2023-03-28 CVE-2022-23123 Out-of-bounds Read vulnerability in multiple products
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-125
critical
9.8
2023-03-28 CVE-2022-23124 Out-of-bounds Read vulnerability in multiple products
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-125
critical
9.8
2023-03-28 CVE-2022-23125 Out-of-bounds Write vulnerability in multiple products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.
network
low complexity
netatalk debian CWE-787
critical
9.8
2022-03-25 CVE-2022-22995 Link Following vulnerability in multiple products
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files.
network
low complexity
westerndigital fedoraproject netatalk CWE-59
critical
9.8