| Bug | bullseye | trixie | forky | sid | Description |
|---|
| CVE-2026-49390 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | |
| CVE-2026-49389 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | |
| CVE-2026-49388 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | |
| CVE-2026-49387 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | |
| CVE-2026-45699 | vulnerable | fixed | fixed | fixed | |
| CVE-2026-45698 | vulnerable | fixed | fixed | fixed | |
| CVE-2026-45356 | vulnerable | fixed | fixed | fixed | |
| CVE-2026-45355 | vulnerable | fixed | fixed | fixed | |
| CVE-2026-45354 | vulnerable | fixed | fixed | fixed | |
| CVE-2026-44076 | vulnerable | fixed | fixed | fixed | Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4. ... |
| CVE-2026-44068 | vulnerable | fixed | fixed | fixed | Incomplete sanitization of extended attribute (EA) path components in ... |
| CVE-2026-44067 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | A heap over-read in extended attribute (EA) header parsing in Netatalk ... |
| CVE-2026-44066 | vulnerable | fixed | fixed | fixed | Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling c ... |
| CVE-2026-44065 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4. ... |
| CVE-2026-44064 | vulnerable | fixed | fixed | fixed | An out-of-bounds read in ASP session ID handling in Netatalk 1.3 throu ... |
| CVE-2026-44063 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows ... |
| CVE-2026-44062 | vulnerable | fixed | fixed | fixed | A missing output length bounds check in pull_charset_flags() in Netata ... |
| CVE-2026-44061 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a ti ... |
| CVE-2026-44060 | vulnerable | fixed | fixed | fixed | An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4. ... |
| CVE-2026-44058 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 ... |
| CVE-2026-44057 | vulnerable | fixed | fixed | fixed | A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0. ... |
| CVE-2026-44056 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2 ... |
| CVE-2026-44055 | vulnerable | fixed | fixed | fixed | A logic error involving bitwise OR operations in Netatalk 3.1.4 throug ... |
| CVE-2026-44054 | vulnerable | fixed | fixed | fixed | Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from ... |
| CVE-2026-44053 | vulnerable | vulnerable (no DSA) | vulnerable | fixed | Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in ... |
| CVE-2026-44052 | vulnerable | fixed | fixed | fixed | Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into l ... |
| CVE-2026-44051 | vulnerable | fixed | fixed | fixed | An improper link resolution vulnerability in Netatalk 3.0.2 through 4. ... |
| CVE-2026-44050 | vulnerable | fixed | fixed | fixed | A heap-based buffer overflow in the CNID daemon comm_rcv() function in ... |
| CVE-2026-44049 | vulnerable | fixed | fixed | fixed | An out-of-bounds write due to improper null termination in convert_cha ... |
| CVE-2026-44048 | vulnerable | fixed | fixed | fixed | A stack-based buffer overflow via UCS-2 type confusion in convert_char ... |
| CVE-2026-44047 | vulnerable | fixed | fixed | fixed | An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3 ... |
| Bug | bullseye | trixie | forky | sid | Description |
|---|
| CVE-2026-44075 | vulnerable | vulnerable | vulnerable | fixed | A missing break statement in DSI OpenSession processing in Netatalk 1. ... |
| CVE-2026-44074 | vulnerable | vulnerable | vulnerable | fixed | Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitw ... |
| CVE-2026-44073 | vulnerable | vulnerable | vulnerable | fixed | Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check t ... |
| CVE-2026-44072 | vulnerable | vulnerable | vulnerable | fixed | Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() wit ... |
| CVE-2026-44071 | vulnerable | vulnerable | vulnerable | fixed | Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which ... |
| CVE-2026-44070 | vulnerable | vulnerable | vulnerable | fixed | An unbounded memory reallocation in the charset conversion code in Net ... |
| CVE-2026-44069 | vulnerable | vulnerable | vulnerable | fixed | An integer underflow in the volxlate function in Netatalk 3.0.0 throug ... |
| CVE-2026-44059 | vulnerable | vulnerable | vulnerable | fixed | A race condition in the privilege toggle mechanism in Netatalk 2.2.5 t ... |
| CVE-2026-7837 | vulnerable | vulnerable | vulnerable | fixed | A time-of-check time-of-use (TOCTOU) condition in the ad_flush functio ... |
| CVE-2026-7836 | vulnerable | vulnerable | vulnerable | fixed | An incorrect calculation in the hextoint macro in Netatalk 2.0.0 throu ... |
| CVE-2026-7835 | vulnerable | vulnerable | vulnerable | fixed | A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allo ... |
| Bug | Description |
|---|
| CVE-2024-38441 | Netatalk before 3.2.1 has an off-by-one error and resultant heap-based ... |
| CVE-2024-38440 | Netatalk before 3.2.1 has an off-by-one error, and resultant heap-base ... |
| CVE-2024-38439 | Netatalk before 3.2.1 has an off-by-one error and resultant heap-based ... |
| CVE-2023-42464 | A Type Confusion vulnerability was found in the Spotlight RPC function ... |
| CVE-2022-45188 | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow ... |
| CVE-2022-43634 | This vulnerability allows remote attackers to execute arbitrary code o ... |
| CVE-2022-23125 | This vulnerability allows remote attackers to execute arbitrary code o ... |
| CVE-2022-23124 | This vulnerability allows remote attackers to disclose sensitive infor ... |
| CVE-2022-23123 | This vulnerability allows remote attackers to disclose sensitive infor ... |
| CVE-2022-23122 | This vulnerability allows remote attackers to execute arbitrary code o ... |
| CVE-2022-23121 | This vulnerability allows remote attackers to execute arbitrary code o ... |
| CVE-2022-22995 | The combination of primitives offered by SMB and AFP in their default ... |
| CVE-2022-0194 | This vulnerability allows remote attackers to execute arbitrary code o ... |
| CVE-2021-31439 | This vulnerability allows network-adjacent attackers to execute arbitr ... |
| CVE-2018-1160 | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_ ... |
| CVE-2008-5718 | The papd daemon in Netatalk before 2.0.4-beta2, when using certain var ... |
| CVE-2004-0974 | The netatalk package in Trustix Secure Linux 1.5 through 2.1, and poss ... |