Lucene search
+L

6511 matches found

CVE
CVE
added yesterday8 views

CVE-2026-56740

JLine3 Telnet server remote-telnet module in JLine prior to versions 3.30.14, 4.0.16, and 4.2.1 does not limit the number of environment variables injected via Telnet NEW-ENVIRON. TelnetIO.readNEVariables() stores each variable pair in a HashMap within ConnectionData (lines 1127-1180), allowing a...

7.5CVSS5.4AI score
Exploits0References9
CVE
CVE
added yesterday12 views

CVE-2026-56741

JLine3 Telnet server's remote-telnet module did not bound NAWS-terminal dimensions, reading width/height as 16-bit values and passing 65535x65535 to setTerminalGeometry. This allowed an unauthenticated remote attacker to induce repeated heavy rendering, causing CPU exhaustion Denial of Service. A...

7.5CVSS5.5AI score
Exploits0References7
Nuclei
Nuclei
added yesterday167 views

TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability

A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747B20191224. This vulnerability affects an unknown part of the file /webcste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely...

10CVSS8.3AI score0.20737EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday56 views

Sony IPELA Engine IP Camera - Hardcoded Account

Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials. id: CVE-2016-7834 info: name: Sony IPELA Engine IP Camera - Hardcoded Account author: af001 severity: high description: | Multiple SONY network cameras are vulnerable to sensitive informati...

8.8CVSS7.9AI score0.03901EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 8:10 p.m.3 views

SUSE-SU-2026:22562-1 Security update for jline3

This update for jline3 fixes the following issues: Changes in jline3: unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON variables bsc1269021...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/06 8:10 p.m.7 views

OPENSUSE-SU-2026:21221-1 Security update for jline3

This update for jline3 fixes the following issues: Changes in jline3: unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON variables bsc1269021...

6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.21 views

openSUSE 16: jline3 / jline3-builtins / jline3-console / jline3-console-ui / etc (openSUSE-SU-2026:21221-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:21221-1 advisory. Changes in jline3: unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON variables bsc1269021 Tenable has extracted the preceding...

6.2AI score
Exploits0References1
NVD
NVD
added 2026/06/29 5:16 p.m.11 views

CVE-2026-13589

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated...

6.3CVSS0.0056EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/29 4:30 p.m.9 views

EUVD-2026-40150

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated...

6.3CVSS5.8AI score0.0056EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/29 4:30 p.m.41 views

CVE-2026-13589 seladb PcapPlusPlus Telnet Subnegotiation Packet TelnetLayer.cpp getSubCommand heap-based overflow

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated...

6.3CVSS0.0056EPSS
Exploits0References9
CVE
CVE
added 2026/06/29 4:30 p.m.17 views

CVE-2026-13589

A vulnerability affects seladb PcapPlusPlus 25.05, specifically the Telnet Subnegotiation Packet Handler: pcpp::TelnetLayer::getSubCommand in Packet++/src/TelnetLayer.cpp. The issue is a heap-based buffer overflow that can be triggered remotely. The reported attack complexity is high, with no aut...

6.3CVSS5.8AI score0.0056EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:30 p.m.6 views

CVE-2026-13589

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated...

6.3CVSS5.4AI score0.0056EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/06/29 4:30 p.m.3 views

CVE-2026-13589 seladb PcapPlusPlus Telnet Subnegotiation Packet TelnetLayer.cpp getSubCommand heap-based overflow

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated...

6.3CVSS5.4AI score0.0056EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/23 11:48 a.m.12 views

Astra Linux – Vulnerability in inetutils

In GNU inetutils, the telnet utility in version 2.7 allows servers to read arbitrary environment variables from clients using the NEWENVIRON SENDUSERVAR function...

4.7CVSS6AI score0.00187EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/19 7:23 p.m.24 views

CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 7:23 p.m.18 views

CVE-2026-49345

CVE-2026-49345 affects Mercator before 2025.05.19. The SSRF flaw resides in the CVE configuration panel (/admin/config/parameters) where ConfigurationController.testProvider() passes user input directly to curl_init() without validating scheme/host/IP. An authenticated user with configure permiss...

5.3CVSS6.1AI score0.0054EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 1:7 p.m.13 views

GHSA-47QP-HQVX-6R3F JLine3 Telnet server: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables

Summary The JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option. An unauthenticated attacker can flood the server with a large number of unique variable pairs before sending the terminating IAC SE byte,...

7.5CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:7 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the TelnetIO.handleNAWS method, which does not check for upper bounds on requested dimensions. An attacker can cause CPU exhaustion by large NAWS Negotiate About Window Size...

8.7CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/18 1:7 p.m.15 views

GHSA-2R2C-CX56-8933 JLine3 Telnet server: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry

Summary The JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS Negotiate About Window Size option. An unauthenticated remote attacker can send a NAWS subnegotiation advertising a 65535×65535 terminal and repeatedly alternate...

7.5CVSS5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/15 3:56 p.m.8 views

MGASA-2026-0210 Updated putty packages fix security vulnerabilities

ECDSA signature verification can be made to fail an assertion. Server can provoke a double free in RSA KEX code. Telnet session data is marked with trust sigils after authenticating to a proxy. PuTTY Ed25519 Signature ecc-ssh.c eddsaverify signature verification. CVE-2026-4115...

6.3CVSS5.3AI score0.00534EPSS
Exploits1References7
Rows per page
Query Builder