Skip to main content

Tinc

4 CVEs product

Monthly

CVE-2018-16758 MEDIUM This Month

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Tinc Debian Linux Starwind Virtual San
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2018-16738 LOW Monitor

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Tinc Debian Linux Starwind Virtual San
NVD
CVSS 3.1
3.7
EPSS
1.4%
CVE-2018-16737 MEDIUM This Month

tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tinc Starwind Virtual San
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2013-1428 MEDIUM POC THREAT This Month

Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.5%.

Buffer Overflow Denial Of Service RCE Tinc
NVD GitHub Exploit-DB
CVSS 2.0
6.5
EPSS
65.5%
Threat
4.8
EPSS 1% CVSS 5.9
MEDIUM This Month

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Tinc Debian Linux +1
NVD
EPSS 1% CVSS 3.7
LOW Monitor

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Tinc Debian Linux +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tinc Starwind Virtual San
NVD
EPSS 66% 4.8 CVSS 6.5
MEDIUM POC THREAT This Month

Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.5%.

Buffer Overflow Denial Of Service RCE +1
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy