Lucene search
+L

74 matches found

CVE
CVE
added 2 days ago11 views

CVE-2026-56740

JLine3 Telnet server remote-telnet module in JLine prior to versions 3.30.14, 4.0.16, and 4.2.1 does not limit the number of environment variables injected via Telnet NEW-ENVIRON. TelnetIO.readNEVariables() stores each variable pair in a HashMap within ConnectionData (lines 1127-1180), allowing a...

7.5CVSS5.4AI score0.00511EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-60884

Name of the Vulnerable Software and Affected Versions JLine versions prior to 3.30.14 JLine versions prior to 4.0.16 JLine versions prior to 4.2.1 Description The JLine3 Telnet server remote-telnet module fails to limit the number of environment variables a client can inject using the Telnet...

7.5CVSS5.3AI score0.00511EPSS
Exploits0References13
OSV
OSV
added 2026/07/06 8:10 p.m.3 views

SUSE-SU-2026:22562-1 Security update for jline3

This update for jline3 fixes the following issues: Changes in jline3: unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON variables bsc1269021...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/06 8:10 p.m.7 views

OPENSUSE-SU-2026:21221-1 Security update for jline3

This update for jline3 fixes the following issues: Changes in jline3: unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON variables bsc1269021...

6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.21 views

openSUSE 16: jline3 / jline3-builtins / jline3-console / jline3-console-ui / etc (openSUSE-SU-2026:21221-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:21221-1 advisory. Changes in jline3: unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON variables bsc1269021 Tenable has extracted the preceding...

6.2AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/23 11:48 a.m.12 views

Astra Linux – Vulnerability in inetutils

In GNU inetutils, the telnet utility in version 2.7 allows servers to read arbitrary environment variables from clients using the NEWENVIRON SENDUSERVAR function...

4.7CVSS6AI score0.00187EPSS
Exploits1References3
OSV
OSV
added 2026/06/18 1:7 p.m.14 views

GHSA-47QP-HQVX-6R3F JLine3 Telnet server: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables

Summary The JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option. An unauthenticated attacker can flood the server with a large number of unique variable pairs before sending the terminating IAC SE byte,...

7.5CVSS5.5AI score0.00511EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/04 11:16 p.m.19 views

USN-8387-1: Inetutils vulnerabilities

It was discovered that the Inetutils telnet daemon incorrectly handled the CREDENTIALSDIRECTORY environment variable. An attacker could possibly use this issue to escalate privileges. CVE-2026-28372 It was discovered that the Inetutils telnet daemon did not properly validate buffer bounds when...

9.8CVSS7.5AI score0.23674EPSS
Exploits13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 6:0 p.m.15 views

Malicious code in @a91082900/test_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/12 6:0 p.m.9 views

MAL-2026-3680 Malicious code in @a91082900/test_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...

5.9AI score
Exploits0References1
Exploit DB
Exploit DB
added 2026/04/29 12:0 a.m.101 views

GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation

Exploit Title: GNU InetUtils telnetd - Remote Privilege Escalation Date: 2026-01-24 Exploit Author: Ali Guliyev infat0x Author GitHub: https://github.com/infat0x Vendor Homepage: https://www.gnu.org/software/inetutils/ Software Link: https://ftp.gnu.org/gnu/inetutils/ Version: GNU InetUtils 2.0...

9.8CVSS8.9AI score0.98871EPSS
Exploits62
GithubExploit
GithubExploit
added 2026/03/18 7:58 p.m.200 views

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061 - telnetd auth bypass o co chodzi argument...

10CVSS7.2AI score0.98871EPSS
Exploits63
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2026-12154

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

3.4CVSS5.9AI score0.00187EPSS
Exploits1References2
OSV
OSV
added 2026/03/16 2:19 p.m.5 views

DEBIAN-CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

4.7CVSS5.4AI score0.00187EPSS
Exploits1References1
OSV
OSV
added 2026/03/16 2:19 p.m.6 views

UBUNTU-CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

4.7CVSS5.9AI score0.00187EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.14 views

PT-2026-25852

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below Description SiYuan, a personal knowledge management system, has an issue in the globalCopyFiles API. This API reads source files using filepath.Abs without proper workspace boundary checks. It relies on the...

6.8CVSS5.9AI score0.00411EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/03/13 9:1 p.m.41 views

CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

3.4CVSS0.00187EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/13 9:1 p.m.4 views

CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

3.4CVSS5.9AI score0.00187EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2026/03/03 12:0 a.m.134 views

📄 GNU Inetutils telnetd NEW-ENVIRON Authentication Bypass

This Metasploit module exploits an authentication bypass vulnerability in GNU Inetutils telnetd. By sending a specially crafted NEW-ENVIRON subnegotiation with a USER variable containing -f root, an attacker can login as root without a password. This occurs because telnetd passes the environment...

9.8CVSS6AI score0.98871EPSS
Exploits62
GithubExploit
GithubExploit
added 2026/02/18 8:52 a.m.181 views

Exploit for Argument Injection in Gnu Inetutils

!Authorhttps://img.shields.io/badge/Author-Mohammed%20Idrees%...

9.8CVSS5.8AI score0.98871EPSS
Exploits62
Rows per page
Query Builder