) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:isc:inn:1.4sec2:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2012-3523 |
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. Published: November 11, 2012; 8:00:46 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2000-0360 |
Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article. Published: October 20, 2000; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-1999-0705 |
Buffer overflow in INN inews program. Published: September 01, 1999; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-1999-0754 |
The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable. Published: May 11, 1999; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-1999-0247 |
Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. Published: July 21, 1997; 12:00:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-1999-0043 |
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. Published: December 04, 1996; 12:00:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |