3 results (0.020 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. modules/chanserv/flags.c en Atheme en versiones anteriores a 7.2.7 permite a atacantes remotos modificar el comportamiento de Anope FLAGS registrando y soltando (1) LIST, (2) CLEAR o (3) MODIFY nicks de palabras clave. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html http://www.openwall.com/lists/oss-security/2016/05/02/2 http://www.openwall.com/lists/oss-security/2016/05/03/1 https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b https://github.com/atheme/atheme/issues/397 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding. Desbordamiento del buffer en la función xmlrpc_char_encode en modules/transport/xmlrpc/xmlrpclib.c en Atheme en versiones anteriores a 7.2.7 permite a atacantes remotos provocar una caída de servicio a través de vectores relacionados con la codificación de la respuesta XMLRPC. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html http://www.debian.org/security/2016/dsa-3586 http://www.openwall.com/lists/oss-security/2016/05/02/2 http://www.openwall.com/lists/oss-security/2016/05/03/1 https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.0EPSS: 1%CPEs: 22EXPL: 0

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user. La función myuser_delete en libathemecore/account.c en Atheme v5.x anteiores a v5.2.7, v6.x anteriores a v6.0.10, y v7.x anteriores a v7.0.0-beta2 no eliminan las entradas CertFP de forma adecuada cuando se borra un usuario, lo que permite a atacantes remotos acceder a distintas cuentas de usuario o provocar una denegación de servicio (caída del demonio) a través de un acceso con la credenciales de un usuario eliminado. • http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html http://git.atheme.org/atheme/commit/?id=3d9551761db2 http://jira.atheme.org/browse/SRV-166 http://secunia.com/advisories/48481 http://secunia.com/advisories/50704 http://security.gentoo.org/glsa/glsa-201209-09.xml http://www.openwall.com/lists/oss-security/2012/03/22/3 http://www.openwall.com/lists/oss-security/2012/03/23/2 http://www.securityfocus.com/bid/52675 • CWE-264: Permissions, Privileges, and Access Controls •