ISC INN 1.5.1

CPE Details

ISC INN 1.5.1
isc
inn
1.5.1
2007-08-23
19h16 +00:00
2007-09-14
15h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:isc:inn:1.5.1:*:*:*:*:*:*:*

Informations

Vendor

isc

Product

inn

Version

1.5.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2012-3523 2012-11-11 10h00 +00:00 The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
6.8
CVE-1999-0247 2000-10-13 02h00 +00:00 Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.
7.5
CVE-2000-0360 2000-07-12 02h00 +00:00 Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.
5
CVE-1999-0754 2000-06-02 02h00 +00:00 The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
10
CVE-1999-0705 2000-01-04 04h00 +00:00 Buffer overflow in INN inews program.
7.5
CVE-1999-0706 2000-01-04 04h00 +00:00 Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.
7.5
CVE-1999-0868 2000-01-04 04h00 +00:00 ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
7.2
CVE-1999-0100 1999-09-29 02h00 +00:00 Remote access in AIX innd 1.5.1, using control messages.
10
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.