Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Atheme Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24976 1 Atheme 1 Atheme 2022-02-23 5.8 MEDIUM 9.1 CRITICAL
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
CVE-2017-6384 1 Atheme 1 Atheme 2019-10-02 7.8 HIGH 7.5 HIGH
Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8.
CVE-2014-9773 2 Atheme, Opensuse 3 Atheme, Leap, Opensuse 2018-10-30 5.0 MEDIUM 7.5 HIGH
modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.
CVE-2016-4478 3 Atheme, Debian, Opensuse 4 Atheme, Debian Linux, Leap and 1 more 2018-10-30 5.0 MEDIUM 7.5 HIGH
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
CVE-2012-1576 1 Atheme 1 Atheme 2013-04-04 6.0 MEDIUM N/A
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user.