cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-40303,https://securityvulnerability.io/vulnerability/CVE-2023-40303,Privilege Escalation Vulnerability in GNU Inetutils Products,"GNU Inetutils, through version 2.4, contains a vulnerability that allows for privilege escalation due to the lack of validation on the return values of the set*id() family of functions within several components such as ftpd, rcp, rlogin, rsh, rshd, and uucpd. This issue can be exploited when a process attempts to drop privileges, as failures in the setuid system call could lead to situations where an ordinary user inadvertently gains control over the process, leading to potential unauthorized actions.",Gnu,Inetutils,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-08-14T05:15:00.000Z,0
CVE-2022-39028,https://securityvulnerability.io/vulnerability/CVE-2022-39028,NULL Pointer Dereference in Telnet Service Leads to Potential Downtime for GNU Inetutils,"The telnetd component in GNU Inetutils, up to version 2.3, and MIT krb5-appl, up to version 1.0.3, is susceptible to a NULL pointer dereference triggered by specific byte sequences. When exploited, this vulnerability may lead to repeated crashes of the telnetd application. Initially, the application will crash without affecting the telnet service, which remains operational through inetd. However, if multiple crashes occur rapidly, inetd will halt the telnet service, logging a termination error. This issue is notable as some Linux distributions still package the affected version of MIT krb5-appl, a component that has not received upstream support for years, even though the faulty code was removed from the actively supported versions of MIT Kerberos.",Gnu,Inetutils,7.5,HIGH,0.002570000011473894,false,,false,false,false,,,false,false,,2022-08-30T00:00:00.000Z,0
CVE-2021-40491,https://securityvulnerability.io/vulnerability/CVE-2021-40491,Address Validation Flaw in GNU Inetutils FTP Client,"The FTP client in GNU Inetutils prior to version 2.2 lacks adequate validation of addresses provided by PASV/LSPV responses. This oversight can lead to scenarios where the returned addresses do not align with the server address, potentially allowing for man-in-the-middle attacks or other network-related exploits, similar to vulnerabilities noted in other software like curl.",Gnu,Inetutils,6.5,MEDIUM,0.0013599999947473407,false,,false,false,false,,,false,false,,2021-09-03T00:00:00.000Z,0