Search CVE reports
491 – 500 of 40628 results
A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.
1 affected package
netatalk
| Package | 22.04 LTS |
|---|---|
| netatalk | Needs evaluation |
Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect mechanism.
1 affected package
netatalk
| Package | 22.04 LTS |
|---|---|
| netatalk | Needs evaluation |
Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack.
1 affected package
netatalk
| Package | 22.04 LTS |
|---|---|
| netatalk | Needs evaluation |
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.
1 affected package
netatalk
| Package | 22.04 LTS |
|---|---|
| netatalk | Needs evaluation |
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.
1 affected package
netatalk
| Package | 22.04 LTS |
|---|---|
| netatalk | Needs evaluation |
A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service.
1 affected package
netatalk
| Package | 22.04 LTS |
|---|---|
| netatalk | Needs evaluation |
An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data.
1 affected package
netatalk
| Package | 22.04 LTS |
|---|---|
| netatalk | Needs evaluation |
A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service.
1 affected package
netatalk
| Package | 22.04 LTS |
|---|---|
| netatalk | Needs evaluation |
An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service.
1 affected package
netatalk
| Package | 22.04 LTS |
|---|---|
| netatalk | Needs evaluation |
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized...
1 affected package
libsolv
| Package | 22.04 LTS |
|---|---|
| libsolv | Needs evaluation |