Search for packages
| purl | pkg:deb/debian/inetutils@2:1.9-2 |
| Next non-vulnerable version | 2:2.4-2+deb12u3 |
| Latest non-vulnerable version | 2:2.6-3+deb13u3 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6xfm-qpgd-ebaw
Aliases: CVE-2026-28372 |
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-8491-mjp3-bqbv
Aliases: CVE-2022-39028 |
krb5-appl: NULL pointer dereference |
Affected by 4 other vulnerabilities. |
|
VCID-8mwn-2k1d-rkfz
Aliases: CVE-2014-3634 |
Multiple vulnerabilities have been found in RSYSLOG, allowing attackers to cause Denial of Service. |
Affected by 9 other vulnerabilities. |
|
VCID-bn6y-snuj-gbdy
Aliases: CVE-2026-24061 |
A vulnerability has been discovered in the telnetd module of inetutils, which allows remote code execution as root. |
Affected by 3 other vulnerabilities. |
|
VCID-eq37-ztb2-nfb8
Aliases: CVE-2021-40491 |
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. |
Affected by 4 other vulnerabilities. |
|
VCID-hm61-cd18-hycu
Aliases: CVE-2026-32746 |
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-m459-kwuf-2kd4
Aliases: CVE-2023-40303 |
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. |
Affected by 4 other vulnerabilities. |
|
VCID-qg9t-d2pk-yub6
Aliases: CVE-2019-0053 |
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. |
Affected by 4 other vulnerabilities. |
|
VCID-um87-6yps-cbfk
Aliases: CVE-2020-10188 |
telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code |
Affected by 4 other vulnerabilities. |
|
VCID-wfv6-euzm-7bhc
Aliases: CVE-2026-32772 |
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR. |
Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-nes3-sr2e-yueb | This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. |
CVE-2010-2529
|
| VCID-unvx-tsxw-abbw | A boundary error in Heimdal could result in execution of arbitrary code. |
CVE-2011-4862
|