Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-34825 | 2 Fedoraproject, Quassel-irc | 2 Fedora, Quassel | 2022-07-12 | 4.3 MEDIUM | 7.5 HIGH |
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. | |||||
CVE-2018-1000178 | 2 Debian, Quassel-irc | 2 Debian Linux, Quassel | 2020-10-26 | 7.5 HIGH | 9.8 CRITICAL |
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely. | |||||
CVE-2018-1000179 | 2 Debian, Quassel-irc | 2 Debian Linux, Quassel | 2020-10-26 | 5.0 MEDIUM | 7.5 HIGH |
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. | |||||
CVE-2015-8547 | 2 Opensuse, Quassel-irc | 3 Leap, Opensuse, Quassel | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. | |||||
CVE-2016-4414 | 3 Fedoraproject, Opensuse, Quassel-irc | 4 Fedora, Leap, Opensuse and 1 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. | |||||
CVE-2011-3354 | 1 Quassel-irc | 1 Quassel | 2017-08-28 | 5.0 MEDIUM | N/A |
The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011. | |||||
CVE-2015-3427 | 2 Debian, Quassel-irc | 2 Debian Linux, Quassel | 2016-12-05 | 7.5 HIGH | N/A |
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422. | |||||
CVE-2015-2778 | 1 Quassel-irc | 1 Quassel | 2016-12-02 | 5.0 MEDIUM | N/A |
Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. | |||||
CVE-2015-2779 | 1 Quassel-irc | 1 Quassel | 2016-12-02 | 5.0 MEDIUM | N/A |
Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage. |