Netkit
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Netkit product.
RSS Feeds for Netkit security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Netkit products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Netkit Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 0 vulnerabilities in Netkit. Netkit did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 1 | 9.80 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 2 | 6.65 |
2018 | 0 | 0.00 |
It may take a day or so for new Netkit vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Netkit Security Vulnerabilities
netkit-rcp in rsh-client 0.17-24
CVE-2023-38336
9.8 - Critical
- July 14, 2023
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.
Command Injection
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of
CVE-2019-7282
5.9 - Medium
- January 31, 2019
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
An issue was discovered in rcp in NetKit through 0.17
CVE-2019-7283
7.4 - High
- January 31, 2019
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems
CVE-2001-0554
- August 14, 2001
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Classic Buffer Overflow