CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-39028 – Ubuntu Security Notice USN-6304-1
https://notcve.org/view.php?id=CVE-2022-39028
30 Aug 2022 — telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not sup... • https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 64%CPEs: 361EXPL: 0CVE-2020-10188 – telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code
https://notcve.org/view.php?id=CVE-2020-10188
06 Mar 2020 — utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. El archivo utility.c en telnetd en netkit telnet versiones hasta 0.17, permite a atacantes remotos ejecutar código arbitrario por medio de escrituras cortas o datos urgentes, debido a un desbordamiento del búfer que involucra a las funciones netclear y nextitem. A vulnerability was found where incorre... • https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1CVE-2019-7283
https://notcve.org/view.php?id=CVE-2019-7283
31 Jan 2019 — An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. • https://bugs.debian.org/920486 •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1CVE-2019-7282 – Ubuntu Security Notice USN-5327-1
https://notcve.org/view.php?id=CVE-2019-7282
31 Jan 2019 — In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. En NetKit hasta la versión 0.17, rcp.c en el cliente rcp permite que los servidores rsh omitan las restricciones de acceso planeadas mediante un nombre de archivo "." o un nombre de archivo vacío. El impacto consiste en modificar los pe... • https://bugs.debian.org/920486 •
CVSS: 9.1EPSS: 0%CPEs: 280EXPL: 0CVE-2005-0178
https://notcve.org/view.php?id=CVE-2005-0178
16 Feb 2005 — Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2004-0640
https://notcve.org/view.php?id=CVE-2004-0640
09 Jul 2004 — Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code. Vulnerabilidad de cadena de formato en la función SSL_set_verify en telnetd.c de SSLtlenet daemon (SSLtelnetd) 0.13 permite a atacantes remotos ejecutar código de su elección. • http://www.debian.org/security/2004/dsa-529 •
CVSS: 10.0EPSS: 6%CPEs: 87EXPL: 3CVE-2001-0554 – Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0554
14 Aug 2001 — Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. • https://www.exploit-db.com/exploits/21018 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •