GCVE - cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:inn:2.2.1:*:*:*:*:*:*:*

part: a version: 2.2.1 update: *

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Inn (`74c14673-8aca-5c91-8d41-09c2f9470db6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-3523`	vulnerable	2026-06-03 14:31:58.902615	Details available The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. Published: 2012-11-11T11:00:00.000Z Updated: 2024-08-06T20:05:12.721Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2012:156 http://secunia.com/advisories/50661 http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0525`	vulnerable	2026-06-03 14:26:14.463542	Details available Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses. Published: 2002-06-11T04:00:00.000Z Updated: 2024-08-08T02:49:28.777Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/4501 http://www.iss.net/security_center/static/8834.php http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-1442`	vulnerable	2026-06-03 14:26:12.635231	Details available Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument. Published: 2005-04-21T04:00:00.000Z Updated: 2024-08-08T04:58:11.444Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/943536 https://exchange.xforce.ibmcloud.com/vulnerabilities/6398 http://securitytracker.com/id?1001353 http://www.securityfocus.com/bid/2620 http://www.securityfocus.com/archive/1/178011	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0472`	vulnerable	2026-06-03 14:25:59.166656	Details available Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. Published: 2000-10-13T04:00:00.000Z Updated: 2024-08-08T05:21:31.177Z Open on db.gcve.eu Reference links http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html https://exchange.xforce.ibmcloud.com/vulnerabilities/4615 ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0360`	vulnerable	2026-06-03 14:25:42.993502	Details available Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article. Published: 2000-07-12T04:00:00.000Z Updated: 2024-08-08T05:14:21.453Z Open on db.gcve.eu Reference links http://www.novell.com/linux/security/advisories/suse_security_announce_34.html ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt http://www.securityfocus.com/bid/1249	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.