CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-7449
https://notcve.org/view.php?id=CVE-2013-7449
21 Apr 2016 — The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. La función ssl_do_connect en common/server.c en HexChat en versiones anteriores a 2.10.2, XChat y XChat-GNOME no verifica que el nombre de host del servidor coincide con un nombre de dominio en el certificado X.509, lo que permit... • http://hexchat.readthedocs.org/en/latest/changelog.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 17%CPEs: 1EXPL: 4CVE-2016-2233 – Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-2233
05 Apr 2016 — Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message. Desbordamiento de búfer basado en pila en la función inbound_cap_ls en common/inbound.c en HexChat 2.10.2 permite a servidores IRC remotos provocar una denegación de servicio (caída) a través un gran número de opciones en un mensaje CAP LS. Hexchat IRC client version 2.11.0 suffers from a stack buffe... • https://packetstorm.news/files/id/136563 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 13%CPEs: 1EXPL: 3CVE-2016-2087 – Hexchat IRC Client 2.11.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2016-2087
05 Apr 2016 — Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name. Vulnerabilidad de salto de directorio en el cliente en HexChat 2.11.0 permite a servidores IRC remotos leer o modificar archivos arbitrarios a través de un .. (punto punto) en el nombre del servidor. Hexchat IRC client version 2.11.0 suffers from a directory traversal vulnerability. • https://packetstorm.news/files/id/136564 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •