Every CVE whose affected-product data names Isc Inn, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2002-0525 — CVSS 10.0 (critical): Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to…
CVE-1999-0754 — CVSS 10.0 (critical): The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF…
CVE-1999-0043 — CVSS 9.8 (critical): Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
CVE-1999-0706 — CVSS 7.5 (high): Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.
CVE-1999-0247 — CVSS 7.5 (high): Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.
CVE-2004-0045 — CVSS 7.5 (high): Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute…
CVE-1999-0868 — CVSS 7.2 (high): ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
CVE-1999-0785 — CVSS 7.2 (high): The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.
CVE-2012-3523 — CVSS 6.8 (medium): The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers…
CVE-2000-0360 — CVSS 5.0 (medium): Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.
CVE-2001-1442 — CVSS 4.6 (medium): Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c…
CVE-2000-0472 — CVSS 3.6 (low): Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.