Search criteria
13 vulnerabilities by quassel-irc
CVE-2021-34825 (GCVE-0-2021-34825)
Vulnerability from cvelistv5 – Published: 2021-06-17 13:25 – Updated: 2024-08-04 00:26
VLAI
Summary
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/quassel/quassel/pull/581 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:53.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quassel/quassel/pull/581"
},
{
"name": "FEDORA-2021-2e2ba6d39f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
},
{
"name": "FEDORA-2021-75cec6e6da",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-30T04:06:17.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quassel/quassel/pull/581"
},
{
"name": "FEDORA-2021-2e2ba6d39f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
},
{
"name": "FEDORA-2021-75cec6e6da",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-34825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/quassel/quassel/pull/581",
"refsource": "MISC",
"url": "https://github.com/quassel/quassel/pull/581"
},
{
"name": "FEDORA-2021-2e2ba6d39f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JOFTSGJUJHCA3KGQBO6OZXWU7JFKVHMJ/"
},
{
"name": "FEDORA-2021-75cec6e6da",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34825",
"datePublished": "2021-06-17T13:25:39.000Z",
"dateReserved": "2021-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:26:53.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000179 (GCVE-0-2018-1000179)
Vulnerability from cvelistv5 – Published: 2018-05-08 15:00 – Updated: 2024-08-05 12:33
VLAI
Summary
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2018/dsa-4189 | vendor-advisoryx_refsource_DEBIAN |
| https://security.gentoo.org/glsa/201806-04 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/quassel/quassel/blob/master/sr… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4594-1/ | vendor-advisoryx_refsource_UBUNTU |
Date Public
2018-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4189",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4189"
},
{
"name": "GLSA-201806-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201806-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
},
{
"name": "USN-4594-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4594-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-04-30T00:00:00.000Z",
"datePublic": "2018-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login \u0026msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-26T21:06:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4189",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4189"
},
{
"name": "GLSA-201806-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201806-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
},
{
"name": "USN-4594-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4594-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-04-30T20:15:49.358309",
"DATE_REQUESTED": "2018-04-23T00:00:00",
"ID": "CVE-2018-1000179",
"REQUESTER": "nongiach@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login \u0026msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4189",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4189"
},
{
"name": "GLSA-201806-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201806-04"
},
{
"name": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236",
"refsource": "CONFIRM",
"url": "https://github.com/quassel/quassel/blob/master/src/core/coreauthhandler.cpp#L236"
},
{
"name": "USN-4594-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4594-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000179",
"datePublished": "2018-05-08T15:00:00.000Z",
"dateReserved": "2018-04-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:33:49.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000178 (GCVE-0-2018-1000178)
Vulnerability from cvelistv5 – Published: 2018-05-08 15:00 – Updated: 2024-08-05 12:33
VLAI
Summary
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2018/dsa-4189 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://github.com/quassel/quassel/blob/master/sr… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201806-04 | vendor-advisoryx_refsource_GENTOO |
| https://i.imgur.com/JJ4QcNq.png | x_refsource_MISC |
| https://usn.ubuntu.com/4594-1/ | vendor-advisoryx_refsource_UBUNTU |
Date Public
2018-04-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4189",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4189"
},
{
"name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
},
{
"name": "GLSA-201806-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201806-04"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://i.imgur.com/JJ4QcNq.png"
},
{
"name": "USN-4594-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4594-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-04-30T00:00:00.000Z",
"datePublic": "2018-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray \u0026msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-26T21:06:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4189",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4189"
},
{
"name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
},
{
"name": "GLSA-201806-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201806-04"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://i.imgur.com/JJ4QcNq.png"
},
{
"name": "USN-4594-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4594-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-04-30T20:15:49.357909",
"DATE_REQUESTED": "2018-04-23T00:00:00",
"ID": "CVE-2018-1000178",
"REQUESTER": "nongiach@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray \u0026msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4189",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4189"
},
{
"name": "[debian-lts-announce] 20180504 [SECURITY] [DLA 1370-1] quassel security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00001.html"
},
{
"name": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62",
"refsource": "CONFIRM",
"url": "https://github.com/quassel/quassel/blob/master/src/common/protocols/datastream/datastreampeer.cpp#L62"
},
{
"name": "GLSA-201806-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201806-04"
},
{
"name": "https://i.imgur.com/JJ4QcNq.png",
"refsource": "MISC",
"url": "https://i.imgur.com/JJ4QcNq.png"
},
{
"name": "USN-4594-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4594-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000178",
"datePublished": "2018-05-08T15:00:00.000Z",
"dateReserved": "2018-04-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:33:49.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4414 (GCVE-0-2016-4414)
Vulnerability from cvelistv5 – Published: 2016-06-13 19:00 – Updated: 2024-08-06 00:25
VLAI
Summary
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/04/30/4 | mailing-listx_refsource_MLIST |
| https://github.com/quassel/quassel/commit/e678873 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-0… | vendor-advisoryx_refsource_SUSE |
| http://quassel-irc.org/node/129 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2016/04/30/2 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2016-04-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quassel/quassel/commit/e678873"
},
{
"name": "openSUSE-SU-2016:1314",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://quassel-irc.org/node/129"
},
{
"name": "FEDORA-2016-bf916bcc04",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
},
{
"name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
},
{
"name": "FEDORA-2016-42f30d76a0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
},
{
"name": "FEDORA-2016-0431acaa78",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-13T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quassel/quassel/commit/e678873"
},
{
"name": "openSUSE-SU-2016:1314",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://quassel-irc.org/node/129"
},
{
"name": "FEDORA-2016-bf916bcc04",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
},
{
"name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
},
{
"name": "FEDORA-2016-42f30d76a0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
},
{
"name": "FEDORA-2016-0431acaa78",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160430 Re: CVE request - Quassel IRC denial of service",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/30/4"
},
{
"name": "https://github.com/quassel/quassel/commit/e678873",
"refsource": "CONFIRM",
"url": "https://github.com/quassel/quassel/commit/e678873"
},
{
"name": "openSUSE-SU-2016:1314",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00063.html"
},
{
"name": "http://quassel-irc.org/node/129",
"refsource": "CONFIRM",
"url": "http://quassel-irc.org/node/129"
},
{
"name": "FEDORA-2016-bf916bcc04",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183746.html"
},
{
"name": "[oss-security] 20160430 CVE request - Quassel IRC denial of service",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/30/2"
},
{
"name": "FEDORA-2016-42f30d76a0",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html"
},
{
"name": "FEDORA-2016-0431acaa78",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183585.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4414",
"datePublished": "2016-06-13T19:00:00.000Z",
"dateReserved": "2016-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:25:14.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8547 (GCVE-0-2015-8547)
Vulnerability from cvelistv5 – Published: 2016-01-08 19:00 – Updated: 2024-08-06 08:20
VLAI
Summary
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2015-1… | vendor-advisoryx_refsource_SUSE |
| https://github.com/quassel/quassel/pull/153 | x_refsource_CONFIRM |
| https://github.com/quassel/quassel/commit/b8edbda… | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2015/12/12/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2015/12/13/1 | mailing-listx_refsource_MLIST |
Date Public
2015-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2015:2345",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quassel/quassel/pull/153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
},
{
"name": "FEDORA-2016-3bc3d7f66e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
},
{
"name": "FEDORA-2016-7f0b1e47ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
},
{
"name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
},
{
"name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the \"/op *\" command in a query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2015:2345",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quassel/quassel/pull/153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
},
{
"name": "FEDORA-2016-3bc3d7f66e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
},
{
"name": "FEDORA-2016-7f0b1e47ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
},
{
"name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
},
{
"name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the \"/op *\" command in a query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:2345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html"
},
{
"name": "https://github.com/quassel/quassel/pull/153",
"refsource": "CONFIRM",
"url": "https://github.com/quassel/quassel/pull/153"
},
{
"name": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7",
"refsource": "CONFIRM",
"url": "https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7"
},
{
"name": "FEDORA-2016-3bc3d7f66e",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html"
},
{
"name": "FEDORA-2016-7f0b1e47ac",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html"
},
{
"name": "[oss-security] 20151212 CVE request: Remote DoS in Quassel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/12/1"
},
{
"name": "[oss-security] 20151212 Re: CVE request: Remote DoS in Quassel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/13/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8547",
"datePublished": "2016-01-08T19:00:00.000Z",
"dateReserved": "2015-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:20:43.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3427 (GCVE-0-2015-3427)
Vulnerability from cvelistv5 – Published: 2015-05-14 14:00 – Updated: 2024-08-06 05:47
VLAI
Summary
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.quassel-irc.org/node/127 | x_refsource_CONFIRM |
| http://www.debian.org/security/2015/dsa-3258 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/74339 | vdb-entryx_refsource_BID |
Date Public
2015-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.quassel-irc.org/node/127"
},
{
"name": "DSA-3258",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3258"
},
{
"name": "74339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74339"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \\ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.quassel-irc.org/node/127"
},
{
"name": "DSA-3258",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3258"
},
{
"name": "74339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74339"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \\ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.quassel-irc.org/node/127",
"refsource": "CONFIRM",
"url": "http://www.quassel-irc.org/node/127"
},
{
"name": "DSA-3258",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3258"
},
{
"name": "74339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74339"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3427",
"datePublished": "2015-05-14T14:00:00.000Z",
"dateReserved": "2015-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:47:57.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2779 (GCVE-0-2015-2779)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 05:24
VLAI
Summary
Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/quassel/quassel/commit/b5e3897… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/0… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/74048 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2015/0… | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2015/03/28/3 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2015-02-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
},
{
"name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
},
{
"name": "74048",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74048"
},
{
"name": "openSUSE-SU-2015:0687",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
},
{
"name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
},
{
"name": "FEDORA-2015-4689",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
},
{
"name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
},
{
"name": "FEDORA-2015-4531",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
},
{
"name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
},
{
"name": "74048",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74048"
},
{
"name": "openSUSE-SU-2015:0687",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
},
{
"name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
},
{
"name": "FEDORA-2015-4689",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
},
{
"name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
},
{
"name": "FEDORA-2015-4531",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8",
"refsource": "CONFIRM",
"url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
},
{
"name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
},
{
"name": "74048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74048"
},
{
"name": "openSUSE-SU-2015:0687",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
},
{
"name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
},
{
"name": "FEDORA-2015-4689",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163054.html"
},
{
"name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
},
{
"name": "FEDORA-2015-4531",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158666.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2779",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:24:38.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2778 (GCVE-0-2015-2778)
Vulnerability from cvelistv5 – Published: 2015-04-10 14:00 – Updated: 2024-08-06 05:24
VLAI
Summary
Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/quassel/quassel/commit/b5e3897… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/0… | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2015/0… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2015/03/28/3 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/73305 | vdb-entryx_refsource_BID |
Date Public
2015-02-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
},
{
"name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
},
{
"name": "openSUSE-SU-2015:0687",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
},
{
"name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
},
{
"name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
},
{
"name": "73305",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-30T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
},
{
"name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
},
{
"name": "openSUSE-SU-2015:0687",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
},
{
"name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
},
{
"name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
},
{
"name": "73305",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8",
"refsource": "CONFIRM",
"url": "https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8"
},
{
"name": "[oss-security] 20150320 CVE request: denial of service in Quassel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/20/12"
},
{
"name": "openSUSE-SU-2015:0687",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html"
},
{
"name": "[oss-security] 20150327 Re: CVE request: denial of service in Quassel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/27/11"
},
{
"name": "[oss-security] 20150328 Re: CVE request: denial of service in Quassel",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/3"
},
{
"name": "73305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2778",
"datePublished": "2015-04-10T14:00:00.000Z",
"dateReserved": "2015-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:24:38.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8483 (GCVE-0-2014-8483)
Vulnerability from cvelistv5 – Published: 2014-11-06 15:00 – Updated: 2024-08-06 13:18
VLAI
Summary
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61932 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-updates/2014-1… | vendor-advisoryx_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-2401-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/62261 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2014/dsa-3063 | vendor-advisoryx_refsource_DEBIAN |
| http://bugs.quassel-irc.org/issues/1314 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| http://www.debian.org/security/2014/dsa-3068 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/62035 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-updates/2014-1… | vendor-advisoryx_refsource_SUSE |
| https://github.com/quassel/quassel/commit/8b5ecd2… | x_refsource_CONFIRM |
Date Public
2014-09-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61932"
},
{
"name": "openSUSE-SU-2014:1406",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
},
{
"name": "USN-2401-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2401-1"
},
{
"name": "62261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62261"
},
{
"name": "DSA-3063",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.quassel-irc.org/issues/1314"
},
{
"name": "openSUSE-SU-2015:0573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
},
{
"name": "DSA-3068",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3068"
},
{
"name": "62035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62035"
},
{
"name": "openSUSE-SU-2014:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-25T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "61932",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61932"
},
{
"name": "openSUSE-SU-2014:1406",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
},
{
"name": "USN-2401-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2401-1"
},
{
"name": "62261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62261"
},
{
"name": "DSA-3063",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.quassel-irc.org/issues/1314"
},
{
"name": "openSUSE-SU-2015:0573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
},
{
"name": "DSA-3068",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3068"
},
{
"name": "62035",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62035"
},
{
"name": "openSUSE-SU-2014:1382",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61932"
},
{
"name": "openSUSE-SU-2014:1406",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
},
{
"name": "USN-2401-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2401-1"
},
{
"name": "62261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62261"
},
{
"name": "DSA-3063",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3063"
},
{
"name": "http://bugs.quassel-irc.org/issues/1314",
"refsource": "CONFIRM",
"url": "http://bugs.quassel-irc.org/issues/1314"
},
{
"name": "openSUSE-SU-2015:0573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
},
{
"name": "DSA-3068",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3068"
},
{
"name": "62035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62035"
},
{
"name": "openSUSE-SU-2014:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
},
{
"name": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138",
"refsource": "CONFIRM",
"url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8483",
"datePublished": "2014-11-06T15:00:00.000Z",
"dateReserved": "2014-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:18:48.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6404 (GCVE-0-2013-6404)
Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 17:39
VLAI
Summary
Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/quassel/quassel/commit/a1a24da | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2013-1… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2013/11/28/8 | mailing-listx_refsource_MLIST |
| http://quassel-irc.org/node/123 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/55640 | third-party-advisoryx_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-updates/2014-0… | vendor-advisoryx_refsource_SUSE |
| http://osvdb.org/100432 | vdb-entryx_refsource_OSVDB |
Date Public
2013-11-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quassel/quassel/commit/a1a24da"
},
{
"name": "openSUSE-SU-2013:1929",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
},
{
"name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://quassel-irc.org/node/123"
},
{
"name": "quasselirc-cve20136404-sec-bypass(89377)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
},
{
"name": "55640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55640"
},
{
"name": "openSUSE-SU-2014:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
},
{
"name": "100432",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users\u0027 backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quassel/quassel/commit/a1a24da"
},
{
"name": "openSUSE-SU-2013:1929",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
},
{
"name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://quassel-irc.org/node/123"
},
{
"name": "quasselirc-cve20136404-sec-bypass(89377)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
},
{
"name": "55640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55640"
},
{
"name": "openSUSE-SU-2014:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
},
{
"name": "100432",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users\u0027 backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/quassel/quassel/commit/a1a24da",
"refsource": "CONFIRM",
"url": "https://github.com/quassel/quassel/commit/a1a24da"
},
{
"name": "openSUSE-SU-2013:1929",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
},
{
"name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
},
{
"name": "http://quassel-irc.org/node/123",
"refsource": "CONFIRM",
"url": "http://quassel-irc.org/node/123"
},
{
"name": "quasselirc-cve20136404-sec-bypass(89377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
},
{
"name": "55640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55640"
},
{
"name": "openSUSE-SU-2014:0114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
},
{
"name": "100432",
"refsource": "OSVDB",
"url": "http://osvdb.org/100432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6404",
"datePublished": "2013-12-09T11:00:00.000Z",
"dateReserved": "2013-11-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:39:01.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3443 (GCVE-0-2010-3443)
Vulnerability from cvelistv5 – Published: 2013-11-23 11:00 – Updated: 2024-08-07 03:11
VLAI
Summary
ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://git.quassel-irc.org/?p=quassel.git%3Ba=com… | x_refsource_CONFIRM |
| http://bugs.quassel-irc.org/issues/1023 | x_refsource_CONFIRM |
| http://bugs.quassel-irc.org/issues/1024 | x_refsource_CONFIRM |
| http://secunia.com/advisories/55581 | third-party-advisoryx_refsource_SECUNIA |
| http://ubuntu.com/usn/usn-991-1 | vendor-advisoryx_refsource_UBUNTU |
| http://quassel-irc.org/node/115 | x_refsource_CONFIRM |
| http://security.gentoo.org/glsa/glsa-201311-03.xml | vendor-advisoryx_refsource_GENTOO |
Date Public
2013-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:11:43.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.quassel-irc.org/?p=quassel.git%3Ba=commitdiff%3Bh=a4ca568cdf68cf4a0343eb161518dc8e50cea87d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.quassel-irc.org/issues/1023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.quassel-irc.org/issues/1024"
},
{
"name": "55581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55581"
},
{
"name": "USN-991-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-991-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://quassel-irc.org/node/115"
},
{
"name": "GLSA-201311-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-23T18:10:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.quassel-irc.org/?p=quassel.git%3Ba=commitdiff%3Bh=a4ca568cdf68cf4a0343eb161518dc8e50cea87d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.quassel-irc.org/issues/1023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.quassel-irc.org/issues/1024"
},
{
"name": "55581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55581"
},
{
"name": "USN-991-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-991-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://quassel-irc.org/node/115"
},
{
"name": "GLSA-201311-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3443",
"datePublished": "2013-11-23T11:00:00.000Z",
"dateReserved": "2010-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:11:43.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4422 (GCVE-0-2013-4422)
Vulnerability from cvelistv5 – Published: 2013-10-23 15:00 – Updated: 2024-08-06 16:45
VLAI
Summary
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://quassel-irc.org/node/120 | x_refsource_CONFIRM |
| http://secunia.com/advisories/55194 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/55581 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.quassel-irc.org/issues/1244 | x_refsource_CONFIRM |
| http://seclists.org/oss-sec/2013/q4/74 | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://security.gentoo.org/glsa/glsa-201311-03.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/62923 | vdb-entryx_refsource_BID |
Date Public
2013-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:13.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://quassel-irc.org/node/120"
},
{
"name": "55194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55194"
},
{
"name": "55581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.quassel-irc.org/issues/1244"
},
{
"name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q4/74"
},
{
"name": "quasselirc-backslash-sql-injection(87805)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805"
},
{
"name": "GLSA-201311-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
},
{
"name": "62923",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62923"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://quassel-irc.org/node/120"
},
{
"name": "55194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55194"
},
{
"name": "55581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55581"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.quassel-irc.org/issues/1244"
},
{
"name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q4/74"
},
{
"name": "quasselirc-backslash-sql-injection(87805)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805"
},
{
"name": "GLSA-201311-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
},
{
"name": "62923",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62923"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4422",
"datePublished": "2013-10-23T15:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:13.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3354 (GCVE-0-2011-3354)
Vulnerability from cvelistv5 – Published: 2011-10-04 10:00 – Updated: 2024-08-06 23:29
VLAI
Summary
The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://osvdb.org/75351 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/45970 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1200-1 | vendor-advisoryx_refsource_UBUNTU |
| http://bugs.quassel-irc.org/projects/quassel-irc/… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/49526 | vdb-entryx_refsource_BID |
| https://bugs.gentoo.org/show_bug.cgi?id=382313 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.openwall.com/lists/oss-security/2011/09/09/7 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2011/09/08/7 | mailing-listx_refsource_MLIST |
Date Public
2011-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75351",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/75351"
},
{
"name": "45970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45970"
},
{
"name": "USN-1200-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1200-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp"
},
{
"name": "49526",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49526"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=382313"
},
{
"name": "quasselirc-ctcp-dos(69682)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69682"
},
{
"name": "[oss-security] 20110909 Re: CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/7"
},
{
"name": "[oss-security] 20110908 CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/08/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "75351",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/75351"
},
{
"name": "45970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45970"
},
{
"name": "USN-1200-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1200-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp"
},
{
"name": "49526",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49526"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=382313"
},
{
"name": "quasselirc-ctcp-dos(69682)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69682"
},
{
"name": "[oss-security] 20110909 Re: CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/09/7"
},
{
"name": "[oss-security] 20110908 CVE request: Quassel \u003c 0.7.3 CTCP request core DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/09/08/7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3354",
"datePublished": "2011-10-04T10:00:00.000Z",
"dateReserved": "2011-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}