Quassel IRC Quassel 0.7.3

CPE Details

Quassel IRC Quassel 0.7.3
quassel-irc
quassel
0.7.3
2019-12-02
15h21 +00:00
2019-12-02
15h21 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:quassel-irc:quassel:0.7.3:*:*:*:*:*:*:*

Informations

Vendor

quassel-irc

Product

quassel

Version

0.7.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-34825 2021-06-17 11h25 +00:00 Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
7.5
High
CVE-2016-4414 2016-06-13 17h00 +00:00 The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
7.5
High
CVE-2015-8547 2016-01-08 18h00 +00:00 The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
7.5
High
CVE-2015-3427 2015-05-14 12h00 +00:00 Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.
7.5
CVE-2015-2778 2015-04-10 12h00 +00:00 Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.
5
CVE-2015-2779 2015-04-10 12h00 +00:00 Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.
5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.