CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2017-8073 – Debian Security Advisory 3836-1
https://notcve.org/view.php?id=CVE-2017-8073
23 Apr 2017 — WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow. WeeChat en versiones anteriores a 1.7.1 permite una caída remota a través del envio de un nombre de archivo a través de DCC al plugin IRC. Esto ocurre en la función irc_ctcp_dcc_filename_without_quotes durante la eliminación de cotizaciones, con un desbordamiento de búfer. It was discovered that weechat, a f... • http://www.debian.org/security/2017/dsa-3836 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 35EXPL: 2CVE-2011-1428
https://notcve.org/view.php?id=CVE-2011-1428
16 Mar 2011 — Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API. Wee Enhanced Environment para Chat (también conocido como WeeChat) v0.3.4 y anteriores no comprueban de forma correcta que el nombre del servidor coincide con el nombre de dominio del campo... • http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html • CWE-20: Improper Input Validation •