GHSA-X43W-PH7M-PFJX hexchat crate has a Use After Free vulnerability

All versions of this crate have function deregistercommand which can result in use after free. This is unsound. In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads. In addition, the hexchat crate is no longer actively maintained. If users rel...

EUVD-2013-7213

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-2233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based buffer overflow in the inboundcapls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service crash via ...

Linux Distros Unpatched Vulnerability : CVE-2016-2087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. dot dot in the server nam...

hexchat bug fix and enhancement update

An update is available for hexchat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.4...

Linux Distros Unpatched Vulnerability : CVE-2013-7449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ssldoconnect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in...

OPENSUSE-SU-2024:10843-1 hexchat-2.14.3-4.4 on GA media

These are all security issues fixed in the hexchat-2.14.3-4.4 package on the GA media of openSUSE Tumbleweed...

hexchat bug fix and enhancement update

An update is available for hexchat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.1...

SUSE CVE-2013-7449

The ssldoconnect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

SUSE CVE-2016-2087

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. dot dot in the server name...

SUSE CVE-2016-2233

Stack-based buffer overflow in the inboundcapls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service crash via a large number of options in a CAP LS message...

SUSE CVE-2018-15120

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted text with invalid Unicode sequences...

new packages: hexchat

An update is available for hexchat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.0...

Mageia: Security Advisory (MGASA-2015-0050)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : fribidi (openSUSE-SU-2021:1655-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1655-1 advisory. - A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a...

SUSE-SU-2020:2872-1 Security update for hexchat

This update for hexchat fixes the following issues: - CVE-2016-2087: A directory traversal was possible if a user could be convinced to connect to a server with a hostname with '..' in its name. bsc1020739. This non-security issue was fixed: - Add dependency on iso-codes and hwdata as hexchat tri...

Amazon Linux 2 : fribidi (ALAS-2020-1434)

The version of fribidi installed on the remote host is prior to 1.0.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1434 advisory. A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an...

Linux Gather HexChat/XChat Enumeration

This module will collect HexChat and XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will...

NewStart CGSL CORE 5.05 / MAIN 5.05 : fribidi Vulnerability (NS-SA-2020-0006)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has fribidi packages installed that are affected by a vulnerability: - A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of...

CVE-2019-18397

A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...