Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pine
(University_of_washington)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-12-31 | CVE-2002-2325 | The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. | Pine | N/A | ||
| 2002-12-31 | CVE-2002-1903 | Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. | Pine | N/A | ||
| 2002-12-11 | CVE-2002-1320 | Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). | Pine | N/A | ||
| 2002-07-26 | CVE-2002-0014 | URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&). | Pine | N/A | ||
| 2001-10-18 | CVE-2001-0736 | Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. | Secure_linux, Immunix, Mandrake_linux, Mandrake_linux_corporate_server, Linux, Pine | N/A | ||
| 2000-12-19 | CVE-2000-0909 | Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header. | Pine | N/A | ||
| 2000-11-14 | CVE-2000-0847 | Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header. | Imap, Pine | N/A | ||
| 1999-06-28 | CVE-2000-0353 | Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. | Pine | N/A | ||
| 1996-08-26 | CVE-1999-1187 | Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. | Freebsd, Slackware_linux, Pine | N/A | ||
| 1997-12-16 | CVE-1999-0004 | MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook. | Dtmail, Unixware, Pine | N/A |