3 results (0.010 seconds)

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0

WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow. WeeChat en versiones anteriores a 1.7.1 permite una caída remota a través del envio de un nombre de archivo a través de DCC al plugin IRC. Esto ocurre en la función irc_ctcp_dcc_filename_without_quotes durante la eliminación de cotizaciones, con un desbordamiento de búfer. • http://www.debian.org/security/2017/dsa-3836 http://www.securityfocus.com/bid/97987 https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ASRTCQFFDAAK347URWNDH6NSED2BGNY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER23GT23US5JXDLUZAMGMWXKZ74MI4S2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3LAJTLI3LWZRNCFYJ7PCBBTHUMCCBHH https:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion." La función hook_process en el complemento API para WeeChat v0.3.0 hasta v0.3.9.1 permite a atacantes remotos ejecutar comandos de su elección a través de a través de metacaracteres de shell en un comando de un complemento, relacionado con "shell expansion". • http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commitdiff_plain%3Bh=efb795c74fe954b9544074aafcebb1be4452b03a http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html http://secunia.com • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 0%CPEs: 35EXPL: 2

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API. Wee Enhanced Environment para Chat (también conocido como WeeChat) v0.3.4 y anteriores no comprueban de forma correcta que el nombre del servidor coincide con el nombre de dominio del campo subject de un certificado X.509, que permite a los atacantes "man-in-the-middle" falsificar un servidor de chat SSL a través de un certificado de su elección, relacionado con el uso incorrecto de la API GnuTLS. • http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91 http://savannah.nongnu.org/patch/index.php?7459 http://secunia.com/advisories/43543 http://www.securityfocus.com/bid/46612 • CWE-20: Improper Input Validation •