74 matches found
CVE-2026-56740
JLine3 Telnet server remote-telnet module in JLine prior to versions 3.30.14, 4.0.16, and 4.2.1 does not limit the number of environment variables injected via Telnet NEW-ENVIRON. TelnetIO.readNEVariables() stores each variable pair in a HashMap within ConnectionData (lines 1127-1180), allowing a...
PT-2026-60884
Name of the Vulnerable Software and Affected Versions JLine versions prior to 3.30.14 JLine versions prior to 4.0.16 JLine versions prior to 4.2.1 Description The JLine3 Telnet server remote-telnet module fails to limit the number of environment variables a client can inject using the Telnet...
SUSE-SU-2026:22562-1 Security update for jline3
This update for jline3 fixes the following issues: Changes in jline3: unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON variables bsc1269021...
OPENSUSE-SU-2026:21221-1 Security update for jline3
This update for jline3 fixes the following issues: Changes in jline3: unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON variables bsc1269021...
openSUSE 16: jline3 / jline3-builtins / jline3-console / jline3-console-ui / etc (openSUSE-SU-2026:21221-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:21221-1 advisory. Changes in jline3: unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON variables bsc1269021 Tenable has extracted the preceding...
Astra Linux – Vulnerability in inetutils
In GNU inetutils, the telnet utility in version 2.7 allows servers to read arbitrary environment variables from clients using the NEWENVIRON SENDUSERVAR function...
GHSA-47QP-HQVX-6R3F JLine3 Telnet server: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables
Summary The JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option. An unauthenticated attacker can flood the server with a large number of unique variable pairs before sending the terminating IAC SE byte,...
USN-8387-1: Inetutils vulnerabilities
It was discovered that the Inetutils telnet daemon incorrectly handled the CREDENTIALSDIRECTORY environment variable. An attacker could possibly use this issue to escalate privileges. CVE-2026-28372 It was discovered that the Inetutils telnet daemon did not properly validate buffer bounds when...
Malicious code in @a91082900/test_package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...
MAL-2026-3680 Malicious code in @a91082900/test_package (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...
GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation
Exploit Title: GNU InetUtils telnetd - Remote Privilege Escalation Date: 2026-01-24 Exploit Author: Ali Guliyev infat0x Author GitHub: https://github.com/infat0x Vendor Homepage: https://www.gnu.org/software/inetutils/ Software Link: https://ftp.gnu.org/gnu/inetutils/ Version: GNU InetUtils 2.0...
Exploit for Argument Injection in Gnu Inetutils
CVE-2026-24061 - telnetd auth bypass o co chodzi argument...
EUVD-2026-12154
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...
DEBIAN-CVE-2026-32772
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...
UBUNTU-CVE-2026-32772
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...
PT-2026-25852
Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below Description SiYuan, a personal knowledge management system, has an issue in the globalCopyFiles API. This API reads source files using filepath.Abs without proper workspace boundary checks. It relies on the...
CVE-2026-32772
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...
CVE-2026-32772
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...
📄 GNU Inetutils telnetd NEW-ENVIRON Authentication Bypass
This Metasploit module exploits an authentication bypass vulnerability in GNU Inetutils telnetd. By sending a specially crafted NEW-ENVIRON subnegotiation with a USER variable containing -f root, an attacker can login as root without a password. This occurs because telnetd passes the environment...
Exploit for Argument Injection in Gnu Inetutils
!Authorhttps://img.shields.io/badge/Author-Mohammed%20Idrees%...