CVE-2012-5534
- EPSS 1.97%
- Veröffentlicht 03.12.2012 21:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
CVE-2012-5854
- EPSS 6.61%
- Veröffentlicht 19.11.2012 12:10:54
- Zuletzt bearbeitet 11.04.2025 00:51:21
Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.
CVE-2011-1428
- EPSS 0.17%
- Veröffentlicht 16.03.2011 22:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server v...
- EPSS 1.98%
- Veröffentlicht 19.03.2009 10:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.