Summary
| Detail | |||
|---|---|---|---|
| Vendor | Atheme | First view | 2012-10-01 |
| Product | Atheme | Last view | 2022-02-14 |
| Version | 6.0.8 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:atheme:atheme | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.1 | 2022-02-14 | CVE-2022-24976 | Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence. |
| 7.5 | 2016-06-13 | CVE-2016-4478 | Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding. |
| 7.5 | 2016-06-13 | CVE-2014-9773 | modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. |
| 6 | 2012-10-01 | CVE-2012-1576 | The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (1) | CWE-287 | Improper Authentication |
| 25% (1) | CWE-284 | Access Control (Authorization) Issues |
| 25% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 25% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-09 (atheme) File : nvt/glsa_201209_09.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-12-16 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e47ab5dbc33311e6ae1b002590263bf5.nasl - Type: ACT_GATHER_INFO |
| 2016-05-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3586.nasl - Type: ACT_GATHER_INFO |
| 2016-05-18 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-590.nasl - Type: ACT_GATHER_INFO |
| 2012-09-26 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201209-09.nasl - Type: ACT_GATHER_INFO |
