CVE-2021-34825
https://notcve.org/view.php?id=CVE-2021-34825
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. Quassel versiones hasta 0.13.1, cuando --require-ssl está habilitado, se lanza sin soporte SSL o TLS si no es encontrado un certificado X.509 usable en el sistema local • https://github.com/quassel/quassel/pull/581 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2016-4414
https://notcve.org/view.php?id=CVE-2016-4414
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. La función onReadyRead en core/coreauthhandler.cpp en Quassel en versiones anteriores a 0.12.4 permite a atacantes remotos provocar una caída de servicio (referencia a un puntero NULL y caída) a través de una información handshake no válida. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html http://quassel-irc.org/node/129 http://www.openwall.com/lists/oss-security/2016/04/30/2 http://www.openwall.com/lists/oss-security/2016/04/30/4 https://github.com/quassel/quassel/com •
CVE-2015-8547
https://notcve.org/view.php?id=CVE-2015-8547
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. La función CoreUserInputHandler::doMode en core/coreuserinputhandler.cpp en Quassel 0.10.0 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través del comando "/op *" en una consulta. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html http://www.openwall.com/lists/oss-security/2015/12/12/1 http://www.openwall.com/lists/oss-security/2015/12/13/1 https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7 https://github.com/quassel/quassel/pull/153 • CWE-17: DEPRECATED: Code •
CVE-2015-3427
https://notcve.org/view.php?id=CVE-2015-3427
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422. Quassel anterior a 0.12.2 no maneja debidamente la reinicialización de la sesión de la base de datos cuando la base de datos PostgreSQL es reiniciada, lo que permite a atacantes remotos llevar a cabo ataques de inyección SQL a través de \ (barra invertida) en un mensaje. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2013-4422. • http://www.debian.org/security/2015/dsa-3258 http://www.quassel-irc.org/node/127 http://www.securityfocus.com/bid/74339 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-2778
https://notcve.org/view.php?id=CVE-2015-2778
Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. Quassel anterior a 0.12-rc1 utiliza un tamaño de tipo de dato incorrecto cuando se divide un mensaje, lo que permite a usuarios remotos causar una denegación de servicio (caída) a través de una consulta CTCP larga conteniendo únicamente caracteres multibyte. • http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html http://www.openwall.com/lists/oss-security/2015/03/20/12 http://www.openwall.com/lists/oss-security/2015/03/27/11 http://www.openwall.com/lists/oss-security/2015/03/28/3 http://www.securityfocus.com/bid/73305 https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8 • CWE-399: Resource Management Errors •