VYPR

Weechat

by Weechat

CVEs (7)

  • CVE-2017-14727 High Sep 23, 2017
    risk 0.49 cvss 7.5 epss 0.03

    logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.

  • CVE-2017-8073 High Apr 23, 2017
    risk 0.49 cvss 7.5 epss 0.03

    WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.

  • CVE-2012-5534 Dec 3, 2012
    risk 0.00 cvss epss 0.04

    The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."

  • CVE-2012-5854 Nov 19, 2012
    risk 0.00 cvss epss 0.06

    Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.

  • CVE-2011-1428 Mar 16, 2011
    risk 0.00 cvss epss 0.01

    Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate,…

  • CVE-2009-0661 Mar 19, 2009
    risk 0.00 cvss epss 0.03

    Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.

  • CVE-2007-4398 Aug 18, 2007
    risk 0.00 cvss epss 0.02

    Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.