4 results (0.049 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence. Atheme IRC Services versiones anteriores a 7.2.12, cuando es usado en conjunto con InspIRCd, permite omitir la autenticación al terminar un handshake de IRC en un punto determinado durante una secuencia de inicio de sesión de desafío-respuesta • https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52 https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12 https://www.openwall.com/lists/oss-security/2022/01/30/4 • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8. Fuga de memoria en la función login_user en saslserv/main.c en saslserv/main.so en Atheme 7.2.7 permite a atacantes remotos no autenticados consumir memoria y provocar una denegación de servicio. Esto se soluciona en la versión 7.2.8. • http://www.securityfocus.com/bid/96552 https://github.com/atheme/atheme/pull/539 https://github.com/atheme/atheme/releases/tag/v7.2.8 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. modules/chanserv/flags.c en Atheme en versiones anteriores a 7.2.7 permite a atacantes remotos modificar el comportamiento de Anope FLAGS registrando y soltando (1) LIST, (2) CLEAR o (3) MODIFY nicks de palabras clave. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html http://www.openwall.com/lists/oss-security/2016/05/02/2 http://www.openwall.com/lists/oss-security/2016/05/03/1 https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b https://github.com/atheme/atheme/issues/397 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding. Desbordamiento del buffer en la función xmlrpc_char_encode en modules/transport/xmlrpc/xmlrpclib.c en Atheme en versiones anteriores a 7.2.7 permite a atacantes remotos provocar una caída de servicio a través de vectores relacionados con la codificación de la respuesta XMLRPC. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html http://www.debian.org/security/2016/dsa-3586 http://www.openwall.com/lists/oss-security/2016/05/02/2 http://www.openwall.com/lists/oss-security/2016/05/03/1 https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •