+## Security advisories
+
+The following list contains advisories for security issues in tinc in old versions:
+
+- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428](CVE-2013-1428):
+ to be published.
+- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1755](CVE-2002-1755):
+ tinc 1.0pre3 and 1.0pre4 VPN do not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
+- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1505](CVE-2001-1505):
+ tinc 1.0pre3 and 1.0pre4 allow remote attackers to inject data into user sessions by sniffing and replaying packets.
+