Pine
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0720 | | | 0.04 | — | 0.13 | | Sep 17, 2003 | Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type. |
| CVE-2002-1320 | | | 0.04 | — | 0.10 | | Dec 11, 2002 | Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). |
| CVE-2000-0909 | | | 0.04 | — | 0.12 | | Dec 19, 2000 | Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header. |
| CVE-2002-2325 | | | 0.03 | — | 0.03 | | Dec 31, 2002 | The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. |
| CVE-2001-0736 | | | 0.03 | — | 0.01 | | Oct 18, 2001 | Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2005-1066 | | | 0.00 | — | 0.00 | | May 2, 2005 | Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2003-0721 | | | 0.00 | — | 0.04 | | Sep 17, 2003 | Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number. |
| CVE-2003-0297 | | | 0.00 | — | 0.03 | | Jun 16, 2003 | c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or… |
| CVE-2003-0300 | | | 0.00 | — | 0.03 | | Jun 16, 2003 | The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. |
| CVE-2002-1903 | | | 0.00 | — | 0.01 | | Dec 31, 2002 | Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. |
| CVE-2002-0014 | | | 0.00 | — | 0.02 | | Jul 26, 2002 | URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&). |
| CVE-2000-0847 | | | 0.00 | — | 0.03 | | Nov 14, 2000 | Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header. |
| CVE-2000-0352 | | | 0.00 | — | 0.04 | | Nov 18, 1999 | Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL. |
| CVE-2000-0353 | | | 0.00 | — | 0.04 | | Jun 28, 1999 | Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. |
| CVE-1999-0004 | | | 0.00 | — | 0.03 | | Dec 16, 1997 | MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook. |
| CVE-1999-1187 | | | 0.00 | — | 0.00 | | Aug 26, 1996 | Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. |