Vulnerabilities > Atheme

DATE CVE VULNERABILITY TITLE RISK
2022-02-14 CVE-2022-24976 Improper Authentication vulnerability in Atheme
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
network
low complexity
atheme CWE-287
critical
9.1
2017-03-02 CVE-2017-6384 Missing Release of Resource after Effective Lifetime vulnerability in Atheme 7.2.7
Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service.
network
low complexity
atheme CWE-772
7.5
2016-06-13 CVE-2016-4478 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
network
low complexity
opensuse atheme debian CWE-119
7.5
2016-06-13 CVE-2014-9773 Improper Access Control vulnerability in multiple products
modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.
network
low complexity
opensuse atheme CWE-284
7.5