Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| silc | secure_internet_live_conferencing | 0.9.11 |
| silc | secure_internet_live_conferencing | 0.9.12 |
silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| silc | secure_internet_live_conferencing | 0.9.19 |
| silc | secure_internet_live_conferencing | 0.9.11 |
| silc | secure_internet_live_conferencing | 0.9.16 |
| silc | secure_internet_live_conferencing | 0.9.17 |
| silc | secure_internet_live_conferencing | 1.0 |
| silc | secure_internet_live_conferencing | 0.9.21 |
| silc | secure_internet_live_conferencing | 0.9.13 |
| silc | secure_internet_live_conferencing | 0.9.14 |
| silc | secure_internet_live_conferencing | 0.9.15 |
| silc | secure_internet_live_conferencing | 0.9.12 |
| silc | secure_internet_live_conferencing | 0.9.18 |
| silc | secure_internet_live_conferencing | 0.9.20 |