MidnightBSD

Advisories for eggheads

CVE-2004-0274 HIGH

Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
eggheads eggdrop_irc_bot 1.6.11
eggheads eggdrop_irc_bot 1.6.13
eggheads eggdrop_irc_bot 1.6.14
eggheads eggdrop_irc_bot 1.6.15
eggheads eggdrop_irc_bot 1.6.12
eggheads eggdrop_irc_bot 1.6.10

CVE-2020-29576 HIGH

The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
eggheads eggdrop_docker_image 1.8.2
eggheads eggdrop_docker_image 1.8.3
eggheads eggdrop_docker_image 1.8.0
eggheads eggdrop_docker_image 1.8.4
eggheads eggdrop_docker_image 1.6.21
eggheads eggdrop_docker_image 1.6
eggheads eggdrop_docker_image 1.8.1