CVSS: 7.5 | EPSS: 1% | CPEs: 11 | EXPL: 0

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."

• http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commitdiff_plain%3Bh=efb795c74fe954b9544074aafcebb1be4452b03a
• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html
• http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html
• http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html
• http://secunia.com
• CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 11% | CPEs: 4 | EXPL: 0

Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.

• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html
• http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html
• http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html
• http://osvdb.org/87279
• http://secunia.com/advisories/51377
• http://weechat.org/security
• http://www.mandriva.com/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.8 | EPSS: 0% | CPEs: 35 | EXPL: 2

Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

• http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html
• http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91
• http://savannah.nongnu.org/patch/index.php?7459
• http://secunia.com/advisories/43543
• http://www.securityfocus.com/bid/46612
• CWE-20: Improper Input Validation

CVSS: 5.0 | EPSS: 10% | CPEs: 1 | EXPL: 0

Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940
• http://osvdb.org/52763
• http://savannah.nongnu.org/bugs/index.php?25862
• http://secunia.com/advisories/34304
• http://secunia.com/advisories/34328
• http://weechat.flashtux.org
• http://www.debian.org/security/2009/dsa-1744
• http://www.openwall.com/lists/oss-security/2009/03/17/8
• http://www.securityfocus.com/bid/34148
• http://www.vupen.com/english/advisories/2009/0758
• https://exchange.xforce.ibmcloud.com/vulnerabilities
• CWE-20: Improper Input Validation