Lucene search
K
FlashtuxWeechat

4 matches found

CVE
CVE
added 2009/03/19 10:0 a.m.81 views

CVE-2009-0661

WeeChat 0.2.6 contains a denial-of-service vulnerability: a remote attacker can crash the client by sending a crafted PRIVMSG with color codes, triggering an out-of-bounds read in the colored message handling. Advisories (Gentoo GLSA 200904-04, Fedora advisories FEDORA-2009-2859/2861, Gentoo GLSA...

5CVSS6.5AI score0.03105EPSS
CVE
CVE
added 2012/11/19 11:0 a.m.66 views

CVE-2012-5854

WeeChat is affected by two CVEs: CVE-2012-5854 (heap-based buffer overflow when decoding IRC colors) and CVE-2012-5534 (shell expansions in hook_process). These vulnerabilities were fixed by patches/upgrades to WeeChat 0.3.9.2+; advisories across Gentoo, Mandriva, openSUSE, Fedora, and others ref...

7.5CVSS8AI score0.05543EPSS
CVE
CVE
added 2012/12/03 9:0 p.m.63 views

CVE-2012-5534

WeeChat vulnerability CVE-2012-5534 affects the hook_process() in the plugin API for versions 0.3.0–0.3.9.1, allowing remote command execution via shell metacharacters in a plugin-derived command (shell expansion). Impact described across several advisories: remote code execution or other effects...

7.5CVSS7.5AI score0.04442EPSS
CVE
CVE
added 2011/03/16 10:0 p.m.60 views

CVE-2011-1428

WeeChat (Wee Enhanced Environment for Chat) versions up to 0.3.4 are affected by CVE-2011-1428, where the client does not properly validate that the server hostname matches the subject of an X.509 certificate, enabling MITM with an arbitrary certificate due to incorrect GnuTLS API usage. Exploita...

5.8CVSS6.3AI score0.01082EPSS