Total
16 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0297 | 1 University Of Washington | 3 C-client, Imap-2002b, Pine | 2018-10-19 | 7.5 HIGH | N/A |
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors. | |||||
CVE-1999-0004 | 3 Hp, Sco, University Of Washington | 3 Dtmail, Unixware, Pine | 2018-10-12 | 5.0 MEDIUM | N/A |
MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook. | |||||
CVE-2003-0720 | 1 University Of Washington | 1 Pine | 2018-05-02 | 7.5 HIGH | N/A |
Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type. | |||||
CVE-2003-0721 | 1 University Of Washington | 1 Pine | 2018-05-02 | 7.5 HIGH | N/A |
Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number. | |||||
CVE-2001-0736 | 5 Engardelinux, Immunix, Mandrakesoft and 2 more | 6 Secure Linux, Immunix, Mandrake Linux and 3 more | 2017-12-18 | 2.1 LOW | N/A |
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-1999-1187 | 3 Freebsd, Slackware, University Of Washington | 3 Freebsd, Slackware Linux, Pine | 2017-12-18 | 4.6 MEDIUM | N/A |
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. | |||||
CVE-2000-0847 | 1 University Of Washington | 2 Imap, Pine | 2017-10-09 | 7.5 HIGH | N/A |
Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header. | |||||
CVE-2000-0909 | 1 University Of Washington | 1 Pine | 2017-10-09 | 7.5 HIGH | N/A |
Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header. | |||||
CVE-2003-0300 | 8 Microsoft, Mozilla, Mutt and 5 more | 8 Outlook Express, Mozilla, Mutt and 5 more | 2016-10-17 | 5.0 MEDIUM | N/A |
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | |||||
CVE-2002-1320 | 1 University Of Washington | 1 Pine | 2016-10-17 | 5.0 MEDIUM | N/A |
Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). | |||||
CVE-2002-0014 | 1 University Of Washington | 1 Pine | 2016-10-17 | 7.5 HIGH | N/A |
URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&). | |||||
CVE-2000-0352 | 1 University Of Washington | 1 Pine | 2008-09-10 | 10.0 HIGH | N/A |
Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL. | |||||
CVE-2000-0353 | 1 University Of Washington | 1 Pine | 2008-09-10 | 10.0 HIGH | N/A |
Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. | |||||
CVE-2005-1066 | 1 University Of Washington | 1 Pine | 2008-09-05 | 1.2 LOW | N/A |
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2002-2325 | 1 University Of Washington | 1 Pine | 2008-09-05 | 7.8 HIGH | N/A |
The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. | |||||
CVE-2002-1903 | 1 University Of Washington | 1 Pine | 2008-09-05 | 5.0 MEDIUM | N/A |
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. |