ISC INN 2.2.1

CPE Details

ISC INN 2.2.1
isc
inn
2.2.1
2007-08-23
19h16 +00:00
2007-09-14
15h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*

Informations

Vendor

isc

Product

inn

Version

2.2.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2012-3523 2012-11-11 10h00 +00:00 The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
6.8
CVE-2001-1442 2005-04-21 02h00 +00:00 Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
4.6
CVE-2002-0525 2002-06-11 02h00 +00:00 Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.
10
CVE-2000-0472 2000-10-13 02h00 +00:00 Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
3.6
CVE-2000-0360 2000-07-12 02h00 +00:00 Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.
5
CVE-1999-0754 2000-06-02 02h00 +00:00 The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
10
CVE-1999-0705 2000-01-04 04h00 +00:00 Buffer overflow in INN inews program.
7.5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.