Tin
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17520 | Hig | 0.57 | 8.8 | 0.02 | Dec 14, 2017 | tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is… | ||
| CVE-2006-6122 | 0.00 | — | 0.01 | Nov 26, 2006 | Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804. | |||
| CVE-2006-0804 | 0.00 | — | 0.03 | Feb 21, 2006 | Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow. | |||
| CVE-1999-1091 | 0.00 | — | 0.01 | Jan 15, 2002 | UNIX news readers tin and rtin create the /tmp/.tin_log file with insecure permissions and follow symlinks, which allows attackers to modify the permissions of files writable by the user via a symlink attack. | |||
| CVE-1999-1092 | 0.00 | — | 0.00 | Nov 17, 1999 | tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file. |
- risk 0.57cvss 8.8epss 0.02
tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is…
- CVE-2006-6122Nov 26, 2006risk 0.00cvss —epss 0.01
Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804.
- CVE-2006-0804Feb 21, 2006risk 0.00cvss —epss 0.03
Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow.
- CVE-1999-1091Jan 15, 2002risk 0.00cvss —epss 0.01
UNIX news readers tin and rtin create the /tmp/.tin_log file with insecure permissions and follow symlinks, which allows attackers to modify the permissions of files writable by the user via a symlink attack.
- CVE-1999-1092Nov 17, 1999risk 0.00cvss —epss 0.00
tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file.