Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Workstation Extension 12 SP5 package netatalk, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2022-22995 — CVSS 10.0 (critical): The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting…
CVE-2022-23121 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required…
CVE-2024-38439 — CVSS 9.8 (critical): Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in…
CVE-2022-43634 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required…
CVE-2024-38441 — CVSS 9.8 (critical): Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in…
CVE-2023-42464 — CVSS 9.8 (critical): A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC…
CVE-2022-23125 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required…
CVE-2021-31439 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager…
CVE-2022-45188 — CVSS 7.8 (high): Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides…
CVE-2024-38440 — CVSS 7.5 (high): Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly…