Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for weechat by flashtux

    CVE-2012-5534 (GCVE-0-2012-5534)

    Vulnerability from nvd – Published: 2012-12-03 21:00 – Updated: 2024-08-06 21:05
    VLAI
    Summary
    The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://git.savannah.gnu.org/gitweb/?p=weechat.git… x_refsource_CONFIRM
    http://secunia.com/advisories/51294 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/51377 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://wiki.mageia.org/en/Support/Advisories/MGA… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2012-1… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/56584 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://weechat.org/security/ x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.openwall.com/lists/oss-security/2012/11/19/4 mailing-listx_refsource_MLIST
    https://savannah.nongnu.org/bugs/?37764 x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2012-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:05:47.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commitdiff_plain%3Bh=efb795c74fe954b9544074aafcebb1be4452b03a"
              },
              {
                "name": "51294",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51294"
              },
              {
                "name": "51377",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51377"
              },
              {
                "name": "openSUSE-SU-2013:0150",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347"
              },
              {
                "name": "openSUSE-SU-2012:1580",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
              },
              {
                "name": "56584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56584"
              },
              {
                "name": "FEDORA-2012-18575",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://weechat.org/security/"
              },
              {
                "name": "FEDORA-2012-18526",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html"
              },
              {
                "name": "[oss-security] 20121119 Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -\u003e 0.3.9.1]",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/19/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://savannah.nongnu.org/bugs/?37764"
              },
              {
                "name": "MDVSA-2013:136",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
              },
              {
                "name": "FEDORA-2012-18494",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to \"shell expansion.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-05T15:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commitdiff_plain%3Bh=efb795c74fe954b9544074aafcebb1be4452b03a"
            },
            {
              "name": "51294",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51294"
            },
            {
              "name": "51377",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51377"
            },
            {
              "name": "openSUSE-SU-2013:0150",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347"
            },
            {
              "name": "openSUSE-SU-2012:1580",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
            },
            {
              "name": "56584",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56584"
            },
            {
              "name": "FEDORA-2012-18575",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://weechat.org/security/"
            },
            {
              "name": "FEDORA-2012-18526",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html"
            },
            {
              "name": "[oss-security] 20121119 Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -\u003e 0.3.9.1]",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/19/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://savannah.nongnu.org/bugs/?37764"
            },
            {
              "name": "MDVSA-2013:136",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
            },
            {
              "name": "FEDORA-2012-18494",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-5534",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to \"shell expansion.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a"
                },
                {
                  "name": "51294",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51294"
                },
                {
                  "name": "51377",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51377"
                },
                {
                  "name": "openSUSE-SU-2013:0150",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
                },
                {
                  "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347"
                },
                {
                  "name": "openSUSE-SU-2012:1580",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
                },
                {
                  "name": "56584",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/56584"
                },
                {
                  "name": "FEDORA-2012-18575",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html"
                },
                {
                  "name": "http://weechat.org/security/",
                  "refsource": "CONFIRM",
                  "url": "http://weechat.org/security/"
                },
                {
                  "name": "FEDORA-2012-18526",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html"
                },
                {
                  "name": "[oss-security] 20121119 Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -\u003e 0.3.9.1]",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/19/4"
                },
                {
                  "name": "https://savannah.nongnu.org/bugs/?37764",
                  "refsource": "CONFIRM",
                  "url": "https://savannah.nongnu.org/bugs/?37764"
                },
                {
                  "name": "MDVSA-2013:136",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
                },
                {
                  "name": "FEDORA-2012-18494",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5534",
        "datePublished": "2012-12-03T21:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:05:47.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5854 (GCVE-0-2012-5854)

    Vulnerability from nvd – Published: 2012-11-19 11:00 – Updated: 2024-08-06 21:21
    VLAI
    Summary
    Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/87279 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/56482 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/51377 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://savannah.nongnu.org/bugs/?37704 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/11/12/2 mailing-listx_refsource_MLIST
    https://wiki.mageia.org/en/Support/Advisories/MGA… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2012-1… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://weechat.org/security/ x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2012-11-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:21:27.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "87279",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/87279"
              },
              {
                "name": "56482",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56482"
              },
              {
                "name": "FEDORA-2012-17973",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html"
              },
              {
                "name": "51377",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51377"
              },
              {
                "name": "openSUSE-SU-2013:0150",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://savannah.nongnu.org/bugs/?37704"
              },
              {
                "name": "[oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/12/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330"
              },
              {
                "name": "openSUSE-SU-2012:1580",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
              },
              {
                "name": "FEDORA-2012-17950",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://weechat.org/security/"
              },
              {
                "name": "MDVSA-2013:136",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
              },
              {
                "name": "FEDORA-2012-18006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-05T15:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "87279",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/87279"
            },
            {
              "name": "56482",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56482"
            },
            {
              "name": "FEDORA-2012-17973",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html"
            },
            {
              "name": "51377",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51377"
            },
            {
              "name": "openSUSE-SU-2013:0150",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://savannah.nongnu.org/bugs/?37704"
            },
            {
              "name": "[oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/12/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330"
            },
            {
              "name": "openSUSE-SU-2012:1580",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
            },
            {
              "name": "FEDORA-2012-17950",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://weechat.org/security/"
            },
            {
              "name": "MDVSA-2013:136",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
            },
            {
              "name": "FEDORA-2012-18006",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-5854",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "87279",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/87279"
                },
                {
                  "name": "56482",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/56482"
                },
                {
                  "name": "FEDORA-2012-17973",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html"
                },
                {
                  "name": "51377",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51377"
                },
                {
                  "name": "openSUSE-SU-2013:0150",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
                },
                {
                  "name": "https://savannah.nongnu.org/bugs/?37704",
                  "refsource": "CONFIRM",
                  "url": "https://savannah.nongnu.org/bugs/?37704"
                },
                {
                  "name": "[oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/12/2"
                },
                {
                  "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330"
                },
                {
                  "name": "openSUSE-SU-2012:1580",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
                },
                {
                  "name": "FEDORA-2012-17950",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html"
                },
                {
                  "name": "http://weechat.org/security/",
                  "refsource": "CONFIRM",
                  "url": "http://weechat.org/security/"
                },
                {
                  "name": "MDVSA-2013:136",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
                },
                {
                  "name": "FEDORA-2012-18006",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-5854",
        "datePublished": "2012-11-19T11:00:00.000Z",
        "dateReserved": "2012-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:21:27.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1428 (GCVE-0-2011-1428)

    Vulnerability from nvd – Published: 2011-03-16 22:00 – Updated: 2024-09-17 02:16
    VLAI
    Summary
    Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://savannah.nongnu.org/patch/index.php?7459 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/46612 vdb-entryx_refsource_BID
    http://git.savannah.gnu.org/gitweb/?p=weechat.git… x_refsource_CONFIRM
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://secunia.com/advisories/43543 third-party-advisoryx_refsource_SECUNIA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:28:40.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://savannah.nongnu.org/patch/index.php?7459"
              },
              {
                "name": "46612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46612"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"
              },
              {
                "name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"
              },
              {
                "name": "43543",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43543"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-03-16T22:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://savannah.nongnu.org/patch/index.php?7459"
            },
            {
              "name": "46612",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46612"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"
            },
            {
              "name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"
            },
            {
              "name": "43543",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43543"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-1428",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://savannah.nongnu.org/patch/index.php?7459",
                  "refsource": "CONFIRM",
                  "url": "http://savannah.nongnu.org/patch/index.php?7459"
                },
                {
                  "name": "46612",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46612"
                },
                {
                  "name": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91"
                },
                {
                  "name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"
                },
                {
                  "name": "43543",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43543"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-1428",
        "datePublished": "2011-03-16T22:00:00.000Z",
        "dateReserved": "2011-03-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:16:44.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0661 (GCVE-0-2009-0661)

    Vulnerability from nvd – Published: 2009-03-19 10:00 – Updated: 2024-08-07 04:40
    VLAI
    Summary
    Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://savannah.nongnu.org/bugs/index.php?25862 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/34148 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34304 third-party-advisoryx_refsource_SECUNIA
    http://weechat.flashtux.org/ x_refsource_CONFIRM
    http://osvdb.org/52763 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/0758 vdb-entryx_refsource_VUPEN
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940 x_refsource_CONFIRM
    http://www.debian.org/security/2009/dsa-1744 vendor-advisoryx_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/34328 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2009/03/17/8 mailing-listx_refsource_MLIST
    Date Public
    2009-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:40:05.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://savannah.nongnu.org/bugs/index.php?25862"
              },
              {
                "name": "34148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34148"
              },
              {
                "name": "34304",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34304"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://weechat.flashtux.org/"
              },
              {
                "name": "52763",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/52763"
              },
              {
                "name": "ADV-2009-0758",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0758"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940"
              },
              {
                "name": "DSA-1744",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1744"
              },
              {
                "name": "weechat-ircmessage-dos(49295)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49295"
              },
              {
                "name": "34328",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34328"
              },
              {
                "name": "[oss-security] 20090317 Re: CVE request -- firefox, vlc, WeeChat",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/03/17/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://savannah.nongnu.org/bugs/index.php?25862"
            },
            {
              "name": "34148",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34148"
            },
            {
              "name": "34304",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34304"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://weechat.flashtux.org/"
            },
            {
              "name": "52763",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/52763"
            },
            {
              "name": "ADV-2009-0758",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0758"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940"
            },
            {
              "name": "DSA-1744",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1744"
            },
            {
              "name": "weechat-ircmessage-dos(49295)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49295"
            },
            {
              "name": "34328",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34328"
            },
            {
              "name": "[oss-security] 20090317 Re: CVE request -- firefox, vlc, WeeChat",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/03/17/8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0661",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://savannah.nongnu.org/bugs/index.php?25862",
                  "refsource": "CONFIRM",
                  "url": "http://savannah.nongnu.org/bugs/index.php?25862"
                },
                {
                  "name": "34148",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34148"
                },
                {
                  "name": "34304",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34304"
                },
                {
                  "name": "http://weechat.flashtux.org/",
                  "refsource": "CONFIRM",
                  "url": "http://weechat.flashtux.org/"
                },
                {
                  "name": "52763",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/52763"
                },
                {
                  "name": "ADV-2009-0758",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0758"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940"
                },
                {
                  "name": "DSA-1744",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1744"
                },
                {
                  "name": "weechat-ircmessage-dos(49295)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49295"
                },
                {
                  "name": "34328",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34328"
                },
                {
                  "name": "[oss-security] 20090317 Re: CVE request -- firefox, vlc, WeeChat",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/03/17/8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0661",
        "datePublished": "2009-03-19T10:00:00.000Z",
        "dateReserved": "2009-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:40:05.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5534 (GCVE-0-2012-5534)

    Vulnerability from cvelistv5 – Published: 2012-12-03 21:00 – Updated: 2024-08-06 21:05
    VLAI
    Summary
    The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://git.savannah.gnu.org/gitweb/?p=weechat.git… x_refsource_CONFIRM
    http://secunia.com/advisories/51294 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/51377 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://wiki.mageia.org/en/Support/Advisories/MGA… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2012-1… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/56584 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://weechat.org/security/ x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://www.openwall.com/lists/oss-security/2012/11/19/4 mailing-listx_refsource_MLIST
    https://savannah.nongnu.org/bugs/?37764 x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2012-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:05:47.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commitdiff_plain%3Bh=efb795c74fe954b9544074aafcebb1be4452b03a"
              },
              {
                "name": "51294",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51294"
              },
              {
                "name": "51377",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51377"
              },
              {
                "name": "openSUSE-SU-2013:0150",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347"
              },
              {
                "name": "openSUSE-SU-2012:1580",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
              },
              {
                "name": "56584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56584"
              },
              {
                "name": "FEDORA-2012-18575",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://weechat.org/security/"
              },
              {
                "name": "FEDORA-2012-18526",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html"
              },
              {
                "name": "[oss-security] 20121119 Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -\u003e 0.3.9.1]",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/19/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://savannah.nongnu.org/bugs/?37764"
              },
              {
                "name": "MDVSA-2013:136",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
              },
              {
                "name": "FEDORA-2012-18494",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to \"shell expansion.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-05T15:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commitdiff_plain%3Bh=efb795c74fe954b9544074aafcebb1be4452b03a"
            },
            {
              "name": "51294",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51294"
            },
            {
              "name": "51377",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51377"
            },
            {
              "name": "openSUSE-SU-2013:0150",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347"
            },
            {
              "name": "openSUSE-SU-2012:1580",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
            },
            {
              "name": "56584",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56584"
            },
            {
              "name": "FEDORA-2012-18575",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://weechat.org/security/"
            },
            {
              "name": "FEDORA-2012-18526",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html"
            },
            {
              "name": "[oss-security] 20121119 Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -\u003e 0.3.9.1]",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/19/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://savannah.nongnu.org/bugs/?37764"
            },
            {
              "name": "MDVSA-2013:136",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
            },
            {
              "name": "FEDORA-2012-18494",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-5534",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to \"shell expansion.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a"
                },
                {
                  "name": "51294",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51294"
                },
                {
                  "name": "51377",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51377"
                },
                {
                  "name": "openSUSE-SU-2013:0150",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
                },
                {
                  "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347"
                },
                {
                  "name": "openSUSE-SU-2012:1580",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
                },
                {
                  "name": "56584",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/56584"
                },
                {
                  "name": "FEDORA-2012-18575",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html"
                },
                {
                  "name": "http://weechat.org/security/",
                  "refsource": "CONFIRM",
                  "url": "http://weechat.org/security/"
                },
                {
                  "name": "FEDORA-2012-18526",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html"
                },
                {
                  "name": "[oss-security] 20121119 Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -\u003e 0.3.9.1]",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/19/4"
                },
                {
                  "name": "https://savannah.nongnu.org/bugs/?37764",
                  "refsource": "CONFIRM",
                  "url": "https://savannah.nongnu.org/bugs/?37764"
                },
                {
                  "name": "MDVSA-2013:136",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
                },
                {
                  "name": "FEDORA-2012-18494",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5534",
        "datePublished": "2012-12-03T21:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:05:47.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5854 (GCVE-0-2012-5854)

    Vulnerability from cvelistv5 – Published: 2012-11-19 11:00 – Updated: 2024-08-06 21:21
    VLAI
    Summary
    Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/87279 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/56482 vdb-entryx_refsource_BID
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/51377 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://savannah.nongnu.org/bugs/?37704 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2012/11/12/2 mailing-listx_refsource_MLIST
    https://wiki.mageia.org/en/Support/Advisories/MGA… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2012-1… vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://weechat.org/security/ x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    Date Public
    2012-11-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:21:27.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "87279",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/87279"
              },
              {
                "name": "56482",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56482"
              },
              {
                "name": "FEDORA-2012-17973",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html"
              },
              {
                "name": "51377",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51377"
              },
              {
                "name": "openSUSE-SU-2013:0150",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://savannah.nongnu.org/bugs/?37704"
              },
              {
                "name": "[oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/12/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330"
              },
              {
                "name": "openSUSE-SU-2012:1580",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
              },
              {
                "name": "FEDORA-2012-17950",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://weechat.org/security/"
              },
              {
                "name": "MDVSA-2013:136",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
              },
              {
                "name": "FEDORA-2012-18006",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-02-05T15:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "87279",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/87279"
            },
            {
              "name": "56482",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56482"
            },
            {
              "name": "FEDORA-2012-17973",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html"
            },
            {
              "name": "51377",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/51377"
            },
            {
              "name": "openSUSE-SU-2013:0150",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://savannah.nongnu.org/bugs/?37704"
            },
            {
              "name": "[oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/11/12/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330"
            },
            {
              "name": "openSUSE-SU-2012:1580",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
            },
            {
              "name": "FEDORA-2012-17950",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://weechat.org/security/"
            },
            {
              "name": "MDVSA-2013:136",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
            },
            {
              "name": "FEDORA-2012-18006",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-5854",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "87279",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/87279"
                },
                {
                  "name": "56482",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/56482"
                },
                {
                  "name": "FEDORA-2012-17973",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092536.html"
                },
                {
                  "name": "51377",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/51377"
                },
                {
                  "name": "openSUSE-SU-2013:0150",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html"
                },
                {
                  "name": "https://savannah.nongnu.org/bugs/?37704",
                  "refsource": "CONFIRM",
                  "url": "https://savannah.nongnu.org/bugs/?37704"
                },
                {
                  "name": "[oss-security] 20121112 Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/11/12/2"
                },
                {
                  "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0330"
                },
                {
                  "name": "openSUSE-SU-2012:1580",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html"
                },
                {
                  "name": "FEDORA-2012-17950",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092228.html"
                },
                {
                  "name": "http://weechat.org/security/",
                  "refsource": "CONFIRM",
                  "url": "http://weechat.org/security/"
                },
                {
                  "name": "MDVSA-2013:136",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136"
                },
                {
                  "name": "FEDORA-2012-18006",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092490.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-5854",
        "datePublished": "2012-11-19T11:00:00.000Z",
        "dateReserved": "2012-11-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:21:27.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1428 (GCVE-0-2011-1428)

    Vulnerability from cvelistv5 – Published: 2011-03-16 22:00 – Updated: 2024-09-17 02:16
    VLAI
    Summary
    Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://savannah.nongnu.org/patch/index.php?7459 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/46612 vdb-entryx_refsource_BID
    http://git.savannah.gnu.org/gitweb/?p=weechat.git… x_refsource_CONFIRM
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://secunia.com/advisories/43543 third-party-advisoryx_refsource_SECUNIA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:28:40.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://savannah.nongnu.org/patch/index.php?7459"
              },
              {
                "name": "46612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46612"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"
              },
              {
                "name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"
              },
              {
                "name": "43543",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43543"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-03-16T22:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://savannah.nongnu.org/patch/index.php?7459"
            },
            {
              "name": "46612",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46612"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git%3Ba=commit%3Bh=c265cad1c95b84abfd4e8d861f25926ef13b5d91"
            },
            {
              "name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"
            },
            {
              "name": "43543",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43543"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-1428",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://savannah.nongnu.org/patch/index.php?7459",
                  "refsource": "CONFIRM",
                  "url": "http://savannah.nongnu.org/patch/index.php?7459"
                },
                {
                  "name": "46612",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46612"
                },
                {
                  "name": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commit;h=c265cad1c95b84abfd4e8d861f25926ef13b5d91"
                },
                {
                  "name": "20110227 weechat does not properly use gnutls and allow an attacker to bypass certificate verification",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0671.html"
                },
                {
                  "name": "43543",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43543"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-1428",
        "datePublished": "2011-03-16T22:00:00.000Z",
        "dateReserved": "2011-03-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:16:44.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0661 (GCVE-0-2009-0661)

    Vulnerability from cvelistv5 – Published: 2009-03-19 10:00 – Updated: 2024-08-07 04:40
    VLAI
    Summary
    Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://savannah.nongnu.org/bugs/index.php?25862 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/34148 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34304 third-party-advisoryx_refsource_SECUNIA
    http://weechat.flashtux.org/ x_refsource_CONFIRM
    http://osvdb.org/52763 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/0758 vdb-entryx_refsource_VUPEN
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940 x_refsource_CONFIRM
    http://www.debian.org/security/2009/dsa-1744 vendor-advisoryx_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/34328 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2009/03/17/8 mailing-listx_refsource_MLIST
    Date Public
    2009-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:40:05.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://savannah.nongnu.org/bugs/index.php?25862"
              },
              {
                "name": "34148",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34148"
              },
              {
                "name": "34304",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34304"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://weechat.flashtux.org/"
              },
              {
                "name": "52763",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/52763"
              },
              {
                "name": "ADV-2009-0758",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0758"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940"
              },
              {
                "name": "DSA-1744",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2009/dsa-1744"
              },
              {
                "name": "weechat-ircmessage-dos(49295)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49295"
              },
              {
                "name": "34328",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34328"
              },
              {
                "name": "[oss-security] 20090317 Re: CVE request -- firefox, vlc, WeeChat",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/03/17/8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://savannah.nongnu.org/bugs/index.php?25862"
            },
            {
              "name": "34148",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34148"
            },
            {
              "name": "34304",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34304"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://weechat.flashtux.org/"
            },
            {
              "name": "52763",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/52763"
            },
            {
              "name": "ADV-2009-0758",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0758"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940"
            },
            {
              "name": "DSA-1744",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1744"
            },
            {
              "name": "weechat-ircmessage-dos(49295)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49295"
            },
            {
              "name": "34328",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34328"
            },
            {
              "name": "[oss-security] 20090317 Re: CVE request -- firefox, vlc, WeeChat",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/03/17/8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0661",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://savannah.nongnu.org/bugs/index.php?25862",
                  "refsource": "CONFIRM",
                  "url": "http://savannah.nongnu.org/bugs/index.php?25862"
                },
                {
                  "name": "34148",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34148"
                },
                {
                  "name": "34304",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34304"
                },
                {
                  "name": "http://weechat.flashtux.org/",
                  "refsource": "CONFIRM",
                  "url": "http://weechat.flashtux.org/"
                },
                {
                  "name": "52763",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/52763"
                },
                {
                  "name": "ADV-2009-0758",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0758"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940"
                },
                {
                  "name": "DSA-1744",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2009/dsa-1744"
                },
                {
                  "name": "weechat-ircmessage-dos(49295)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49295"
                },
                {
                  "name": "34328",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34328"
                },
                {
                  "name": "[oss-security] 20090317 Re: CVE request -- firefox, vlc, WeeChat",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/03/17/8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0661",
        "datePublished": "2009-03-19T10:00:00.000Z",
        "dateReserved": "2009-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:40:05.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }