CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-34825
https://notcve.org/view.php?id=CVE-2021-34825
17 Jun 2021 — Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. Quassel versiones hasta 0.13.1, cuando --require-ssl está habilitado, se lanza sin soporte SSL o TLS si no es encontrado un certificado X.509 usable en el sistema local • https://github.com/quassel/quassel/pull/581 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2018-1000178 – Ubuntu Security Notice USN-4594-1
https://notcve.org/view.php?id=CVE-2018-1000178
04 May 2018 — A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely. Existe una corrupción de memoria dinámica (heap) de tipo CWE-120 en quassel 0.12.4 en quasselcore en void DataStreamPeer::processMessage(const QByteArray msg) datastreampeer.cpp en la línea 62 que permite que un atacante ejecute código remotamente. It was discovered that Quassel incorrectly... • https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-1000179 – Ubuntu Security Notice USN-4594-1
https://notcve.org/view.php?id=CVE-2018-1000179
04 May 2018 — A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. Existe una desreferencia de puntero NULL de tipo CWE-476 en quassel 0.12.4 en quasselcore en void DataStreamPeer::processMessage(const QByteArray msg) datastreampeer.cpp line 235 que permite que un atacante provoque una denegación de servicio (DoS). It was discovered that Quassel incorrectly... • https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2016-4414
https://notcve.org/view.php?id=CVE-2016-4414
13 Jun 2016 — The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. La función onReadyRead en core/coreauthhandler.cpp en Quassel en versiones anteriores a 0.12.4 permite a atacantes remotos provocar una caída de servicio (referencia a un puntero NULL y caída) a través de una información handshake no válida. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2015-8547
https://notcve.org/view.php?id=CVE-2015-8547
08 Jan 2016 — The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. La función CoreUserInputHandler::doMode en core/coreuserinputhandler.cpp en Quassel 0.10.0 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través del comando "/op *" en una consulta. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html • CWE-17: DEPRECATED: Code •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3427 – Debian Security Advisory 3258-1
https://notcve.org/view.php?id=CVE-2015-3427
13 May 2015 — Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422. Quassel anterior a 0.12.2 no maneja debidamente la reinicialización de la sesión de la base de datos cuando la base de datos PostgreSQL es reiniciada, lo que permite a atacantes remotos llevar a cabo ataques de inyecc... • http://www.debian.org/security/2015/dsa-3258 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-2778
https://notcve.org/view.php?id=CVE-2015-2778
10 Apr 2015 — Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. Quassel anterior a 0.12-rc1 utiliza un tamaño de tipo de dato incorrecto cuando se divide un mensaje, lo que permite a usuarios remotos causar una denegación de servicio (caída) a través de una consulta CTCP larga conteniendo únicamente caracteres multibyte. • http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-2779
https://notcve.org/view.php?id=CVE-2015-2779
10 Apr 2015 — Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage. Vulnerabilidad del consumo de la pila en la funcionalidad de la división de mensajes en Quassel anterior a 0.12-rc1 permite a atacantes remotos causar una denegación de servicio (recursión no controlada) a través de un mensaje manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2014-8483 – Debian Security Advisory 3063-1
https://notcve.org/view.php?id=CVE-2014-8483
03 Nov 2014 — The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. La función blowfishECB en core/cipher.cpp en Quassel IRC 0.10.0 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de una cadena malformada. An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted me... • http://bugs.quassel-irc.org/issues/1314 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2013-6404
https://notcve.org/view.php?id=CVE-2013-6404
09 Dec 2013 — Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/. Quassel core (server daemon) en Quassel IRC anteriores a 0.9.2 no verifica correctamente el ID del usuario cuando accede a backlogs de usuario, lo cual permite a usuarios aut... • http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html • CWE-264: Permissions, Privileges, and Access Controls •