Every CVE whose affected-product data names Gnu Inetutils, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2011-4862 — CVSS 10.0 (critical): Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and…
CVE-2026-32746 — CVSS 9.8 (critical): telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because…
CVE-2023-40303 — CVSS 7.8 (high): GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp…
CVE-2022-39028 — CVSS 7.5 (high): telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or…
CVE-2026-28372 — CVSS 7.4 (high): telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added…
CVE-2021-40491 — CVSS 6.5 (medium): The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server…
CVE-2026-32772 — CVSS 3.4 (low): telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.