CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2020-14148
https://notcve.org/view.php?id=CVE-2020-14148
15 Jun 2020 — The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. La implementación del protocolo Server-Server en ngIRCd versiones anteriores a 26~rc2, permite un acceso fuera de límites, como es demostrado por la función IRC_NJOIN() • https://github.com/ngircd/ngircd/issues/274 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5580
https://notcve.org/view.php?id=CVE-2013-5580
01 Oct 2013 — The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code for the Handle_Write function, which allows remote attackers to cause a denial of service (assertion failure and server crash) via unspecified vectors, related to a "notice auth" message not being sent to a new client. Las funciones (1) Conn_StartLogin y (2) cb_Read_Resolver_Result en conn.c de ngIRCd 18 hasta 20.... • http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=commit%3Bh=309122017ebc6fff039a7cab1b82f632853d82d5 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2013-1747
https://notcve.org/view.php?id=CVE-2013-1747
28 Mar 2013 — channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a KICK command for a user who is not on the associated channel. channel.c en ngIRCd v20 y v20.1, permite a atacantes remotos provocar una denegación de servicio (error de aserción y caída) mediante un comando KICK para un usuario que no está en el canal asociado. • http://arthur.barton.de/pipermail/ngircd-ml/2013-February/000623.html •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2009-4652
https://notcve.org/view.php?id=CVE-2009-4652
26 Feb 2010 — The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error. Las funciones (1) Conn_GetCipherInfo y (2) Conn_UsesSSL en src/ngircd/conn.c en ngIRCd 13 y 14, cuando el soporte SSL/TLS está presente y activado el modo "stan... • http://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git%3Ba=blobdiff%3Bf=src/ngircd/conn.c%3Bh=c6095a31c613bc5ca127d55b8723e15b836f1cca%3Bhp=9752a6191c7e2da5b0df64779e9cc28ad1e6241c%3Bhb=627b0b713c52406e50c84bb9459e7794262920a2%3Bhpb=95428a72ffb5214826b61d5e77f860e7ef6a6c9e •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2008-0285
https://notcve.org/view.php?id=CVE-2008-0285
15 Jan 2008 — ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. ngIRCd 0.10.x anterior a 0.10.4 y 0.11.0 anterior a 0.11.0-pre2 permite a atacantes remotos provocar denegación de servicio (caida) a través de un mensaje manipulado IRC PART, el cual dispara una referencía no valída. • http://arthur.barton.de/cgi-bin/viewcvs.cgi/ngircd/ngircd/src/ngircd/irc-channel.c?r1=1.40&r2=1.41&diff_format=h •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-6062
https://notcve.org/view.php?id=CVE-2007-6062
20 Nov 2007 — irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument. El archivo irc-channel.c en ngIRCd versiones anteriores a 0.10.3, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de un comando JOIN sin un argumento de canal. • http://arthur.barton.de/pipermail/ngircd-ml/2007-July/000292.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 20%CPEs: 1EXPL: 2CVE-2005-0199 – ngIRCd 0.6/0.7/0.8 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-0199
06 Feb 2005 — Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow. • https://www.exploit-db.com/exploits/25070 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 10%CPEs: 1EXPL: 3CVE-2005-0226 – ngIRCd 0.8.2 - Remote Format String
https://notcve.org/view.php?id=CVE-2005-0226
03 Feb 2005 — Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code. • https://www.exploit-db.com/exploits/784 •