4 results (0.010 seconds)

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
• https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
• https://github.com/atheme/atheme/compare/v7.2.11...v7.2.12
• https://www.openwall.com/lists/oss-security/2022/01/30/4
• CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html
• http://www.openwall.com/lists/oss-security/2016/05/02/2
• http://www.openwall.com/lists/oss-security/2016/05/03/1
• https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b
• https://github.com/atheme/atheme/issues/397
• CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 1% • CPEs: 4 • EXPL: 0

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
• http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html
• http://www.debian.org/security/2016/dsa-3586
• http://www.openwall.com/lists/oss-security/2016/05/02/2
• http://www.openwall.com/lists/oss-security/2016/05/03/1
• https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.0 • EPSS: 1% • CPEs: 22 • EXPL: 0

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.
• http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html
• http://git.atheme.org/atheme/commit/?id=3d9551761db2
• http://jira.atheme.org/browse/SRV-166
• http://secunia.com/advisories/48481
• http://secunia.com/advisories/50704
• http://security.gentoo.org/glsa/glsa-201209-09.xml
• http://www.openwall.com/lists/oss-security/2012/03/22/3
• http://www.openwall.com/lists/oss-security/2012/03/23/2
• http://www.securityfocus.com/bid/52675
• CWE-264: Permissions, Privileges, and Access Controls