CVE-2021-31998 – inn: %post calls user owned file allowing local privilege escalation to root
https://notcve.org/view.php?id=CVE-2021-31998
10 Jun 2021 — An Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. • https://bugzilla.suse.com/show_bug.cgi?id=1182321 • CWE-276: Incorrect Default Permissions
CVE-2019-3692 – Local privilege escalation from user news to root in the packaging of inn
https://notcve.org/view.php?id=CVE-2019-3692
24 Jan 2020 — The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2012-3523 – Gentoo Linux Security Advisory 201401-24
https://notcve.org/view.php?id=CVE-2012-3523
11 Nov 2012 — The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. • http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2004-0045
https://notcve.org/view.php?id=CVE-2004-0045
03 Feb 2004 — Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code. • http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html