VYPR

Tin

by Tin

CVEs (5)

  • CVE-2017-17520HigDec 14, 2017
    risk 0.57cvss 8.8epss 0.02

    tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is…

  • CVE-2006-6122Nov 26, 2006
    risk 0.00cvss epss 0.01

    Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804.

  • CVE-2006-0804Feb 21, 2006
    risk 0.00cvss epss 0.03

    Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow.

  • CVE-1999-1091Jan 15, 2002
    risk 0.00cvss epss 0.01

    UNIX news readers tin and rtin create the /tmp/.tin_log file with insecure permissions and follow symlinks, which allows attackers to modify the permissions of files writable by the user via a symlink attack.

  • CVE-1999-1092Nov 17, 1999
    risk 0.00cvss epss 0.00

    tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file.